Unrestricted Upload Vulnerability in DedeCMS 5.7.116 by DedeCMS
CVE-2024-11138

9.8CRITICAL

Key Information:

Vendor
Dedecms
Status
Vendor
CVE Published:
12 November 2024

Summary

An issue has been identified in DedeCMS version 5.7.116 that involves an unrestricted upload vulnerability present in the /dede/uploads/dede/friendlink_add.php file. The flaw arises from improper handling of the 'logoimg' parameter, permitting adversaries to upload arbitrary files. This vulnerability can be exploited remotely, posing a significant risk to the integrity and security of affected DedeCMS installations. Public disclosure of this vulnerability increases the urgency for users to apply necessary patches and safeguards.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.