DedeBIZ makehtml_taglist_action.php sql injection
CVE-2023-5268

7.2 HIGH

Key Information:

Vendor

Dedebiz

Status
Vendor
CVE Published: 29 September 2023

What is CVE-2023-5268?

A security flaw has been identified in DedeBIZ 6.2 that exposes the system to SQL injection through improper handling of the 'mktime' argument in the /src/admin/makehtml_taglist_action.php file. This vulnerability allows an attacker to manipulate input, potentially leading to unauthorized database access or data leakage. The exploit can be executed remotely, making it a significant risk for users of DedeBIZ. Public disclosure of this vulnerability has raised awareness, and immediate action is recommended to mitigate potential attacks.

Affected Version(s)

DedeBIZ 6.2

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jamspilly (VulDB User)