2 matches found
CVE-2023-27707
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dede/groupstore.php endpoint...
CVE-2023-27707
CVE-2023-27707 affects DedeCMS v5.7.106. It describes an SQL injection in /dede/group_store.php via the rank_* parameter, enabling a remote attacker to execute arbitrary code. The CVSS v3.1 base score is 7.2 (HIGH) with network attack, low complexity, and no user interaction; impact on confidenti...