5 matches found
CVE-2023-27709
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...
DedeCMS 5.x SQL Injection Vulnerability (CVE-2023-27709)
DedeCMS is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dedecms:dedecms"; if...
CVE-2023-27709
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...
CVE-2023-27709
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank parameter in the /dedestorycatalog.php endpoint...
CVE-2023-27709
Summary (CVE-2023-27709): DedeCMS 5.x vulnerable to SQL injection through the rank_* parameter in the /dedestory_catalog.php endpoint (DedeCMS v5.7.106). This could allow a remote attacker to execute arbitrary code. The CVSSv3.1 base score is 7.2 (HIGH). Affected software: DedeCMS v5.7.106 (and 5...