Unrestricted Upload Vulnerability in DedeCMS 5.7.116 by DedeCMS
CVE-2024-11138
9.8CRITICAL
Summary
An issue has been identified in DedeCMS version 5.7.116 that involves an unrestricted upload vulnerability present in the /dede/uploads/dede/friendlink_add.php file. The flaw arises from improper handling of the 'logoimg' parameter, permitting adversaries to upload arbitrary files. This vulnerability can be exploited remotely, posing a significant risk to the integrity and security of affected DedeCMS installations. Public disclosure of this vulnerability increases the urgency for users to apply necessary patches and safeguards.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published