SQL Injection Flaw in DedeCMS Affects Version 5.7.112
CVE-2024-3148

8.8HIGH

Key Information:

Vendor

DedeCMS

Status
Dedecms
Vendor
CVE Published:
2 April 2024

Badges

👾 Exploit Exists

What is CVE-2024-3148?

A significant vulnerability exists in DedeCMS version 5.7.112, where improper handling of the script dede/makehtml_archives_action.php allows attackers to execute SQL injection attacks remotely. This flaw enables malicious users to alter database queries, potentially compromising sensitive data and system integrity. Although the vendor was informed of this issue, no response has been documented, leaving users at risk. It is critical for users of DedeCMS to apply necessary security measures or consider upgrading their systems to mitigate potential exploitation.

Affected Version(s)

DedeCMS 5.7.112

References

https://vuldb.com/?id.258923
vdb-entry
https://vuldb.com/?ctiid.258923
signaturepermissions-required
https://vuldb.com/?submit.303889
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

gatsby (VulDB User)
.