DedeBIZ content_batchup_action.php sql injection
CVE-2023-6755

7.2HIGH

Key Information:

Vendor

Dedebiz

Status
DedeBIZ
Vendor
CVE Published:
13 December 2023

What is CVE-2023-6755?

A vulnerability exists in DedeBIZ 6.2 that allows for SQL injection via manipulation of the 'endid' argument in the /src/admin/content_batchup_action.php file. This issue enables attackers to execute arbitrary SQL code remotely, potentially compromising the database and allowing for unauthorized access to sensitive information. The vulnerability has been publicly disclosed, raising concerns about its exploitation in the wild. Despite early notification to the vendor, no response was received, leaving users at risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DedeBIZ 6.2

References

https://vuldb.com/?id.247883
vdb-entrytechnical-description
https://vuldb.com/?ctiid.247883
signaturepermissions-required
https://github.com/ycwxy/test/issues/1
exploitissue-tracking

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

smallCatCat (VulDB User)
JSON
.