Arbitrary Code Execution via File Upload Vulnerability
CVE-2024-46373

Currently unrated

Key Information:

Vendor: Dedecms
Status: Dedecms
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-46373?

Dedecms V5.7.115 has a vulnerability in its backend that allows for arbitrary code execution through a malicious file upload. This security flaw enables an attacker to potentially execute unauthorized commands on the server, jeopardizing the integrity and security of the application and its underlying infrastructure. Proper mitigations and updates are essential for users of this product to protect against exploitation.

References

https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-20...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024