
DedeCMS <= 5.7.107 Multiple Vulnerabilities (CVE-2022-40886, CVE-2023-2056, CVE-2023-2059, CVE-2023-2424, CVE-2023-27733, CVE-2023-30380)

CVSSv3 Score
Vulnerability description

DedeCMS is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:
- CVE-2022-40886: A file upload function in the back end can be used to write malicious code that bypasses detection, leading to RCE.
- CVE-2023-2056: The function GetSystemFile in the file module_main.php can lead to code injection.
- CVE-2023-2059: Unknown functionality in the file uploads/include/dialog/select_templets.php leads to path traversal: ..\filedir.
- CVE-2023-2424: The function UpDateMemberModCache in the file uploads/dede/config.php is affected; manipulation leads to unrestricted upload.
- CVE-2023-27733: SQL injection via the component /dede/sys_sql_query.php.
- CVE-2023-30380: Directory traversal in DedeCMS allows an attacker to traverse server directories.


No known solution is available as of 5 May 2023. Information regarding this issue will be updated once solution details are available.

Not available
Detectable with: Network Scanner
Scan engine
Exploitable with Sniper
CVE Published: Oct 3, 2022
Detection added at
Software Type
Not available
Not available
Not available