SQL Injection Vulnerability in DedeCMS Feedback Handler
CVE-2026-10606

6.9MEDIUM

Key Information:

Vendor

DedeCMS

Status
Dedecms
Vendor
CVE Published:
2 June 2026

What is CVE-2026-10606?

A vulnerability in DedeCMS version 5.7.88 has been identified within the Feedback Handler component, specifically in the TrimMsg function of /plus/feedback.php. This weakness allows for an SQL injection attack through crafted manipulations of the 'msg' argument. The attack can be executed remotely, potentially compromising the integrity of the database. Public disclosure of this exploit highlights the urgency for users to apply security patches and ensure their installations are secure against potential malicious activity.

Affected Version(s)

DedeCMS 5.7.88

References

https://vuldb.com/vuln/367913
vdb-entrytechnical-description
https://vuldb.com/vuln/367913/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10606
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

R21Z20 (VulDB User)
VulDB Vulnerability Moderation Team
.