SQL Injection Vulnerability in DedeCMS by Dede
CVE-2026-10607

6.9 MEDIUM

Key Information:

Vendor

Dede

Status
Vendor
CVE Published:
2 June 2026

What is CVE-2026-10607?

A security vulnerability has been identified in DedeCMS version 5.7.88, affecting the dede_htmlspecialchars function in the file flink.php. An attacker can manipulate the 'msg' argument, potentially leading to SQL injection. The attack can be carried out remotely, so the issue needs immediate attention. Because exploitation tools are available, users of affected versions should implement security measures to safeguard their systems.

Affected Version(s)

DedeCMS 5.7.88

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

R21Z20 (VulDB User)
VulDB Vulnerability Moderation Team