
DedeCMS <= 5.7.107 Multiple Vulnerabilities (CVE-2022-40886, CVE-2023-2056, CVE-2023-2059, CVE-2023-2424, CVE-2023-27733, CVE-2023-30380)

Severity
CVSSv3 Score
7.5
Vulnerability description

DedeCMS is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2022-40886: A file upload function in the backend can be used to write malicious code that bypasses detection, resulting in RCE.
- CVE-2023-2056: The function GetSystemFile in the file module_main.php can lead to code injection.
- CVE-2023-2059: Unknown functionality in the file uploads/include/dialog/select_templets.php leads to path traversal: ..\filedir.
- CVE-2023-2424: The function UpDateMemberModCache in the file uploads/dede/config.php is affected. The manipulation leads to unrestricted upload.
- CVE-2023-27733: SQL injection via the component /dede/sys_sql_query.php.
- CVE-2023-30380: Directory traversal in DedeCMS allows an attacker to traverse server directories.

Recommendation

No known solution is available as of 5th May, 2023. Information regarding this issue will be updated once solution details are available.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 3, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available