MEDIUM🇵🇱 Wersja polska

CVE-2023-2059

CVSS 4.3v3.1pub. 2023-04-14upd. 2024-11-21

A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • Dedecms

    APP
    Dedecms
    5.7.87
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2026-30643CRITICAL9.8PL ✓ten sam produkt

DedeCMS 5.7.118 — zdalne wykonanie kodu przez upload modułu (RCE)

CVE-2026-30694CRITICAL9.8PL ✓ten sam produkt

RCE w DedeCMS poprzez komponent array_filter

CVE-2024-35510CRITICAL9.8PL ✓ten sam produkt

DedeCMS – arbitrary file upload umożliwiający RCE

CVE-2024-35375CRITICAL9.8PL ✓ten sam produkt

DedeCMS 5.7.114 — arbitrary file upload w panelu administracyjnym

CVE-2024-33749CRITICAL9.1PL ✓ten sam produkt

DedeCMS – nieautoryzowane usunięcie dowolnego pliku przez mail_file_manage.php

CVE-2023-2059 — Dedecms — MEDIUM — CVSS 4.3 | CVEbaza.pl