CVE-2023-2056
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | DedeCMS | 5.7.0 | affected |
| n/a | DedeCMS | 5.7.1 | affected |
| n/a | DedeCMS | 5.7.2 | affected |
| n/a | DedeCMS | 5.7.3 | affected |
| n/a | DedeCMS | 5.7.4 | affected |
| n/a | DedeCMS | 5.7.5 | affected |
| n/a | DedeCMS | 5.7.6 | affected |
| n/a | DedeCMS | 5.7.7 | affected |
| n/a | DedeCMS | 5.7.8 | affected |
| n/a | DedeCMS | 5.7.9 | affected |
| n/a | DedeCMS | 5.7.10 | affected |
| n/a | DedeCMS | 5.7.11 | affected |
| n/a | DedeCMS | 5.7.12 | affected |
| n/a | DedeCMS | 5.7.13 | affected |
| n/a | DedeCMS | 5.7.14 | affected |
| n/a | DedeCMS | 5.7.15 | affected |
| n/a | DedeCMS | 5.7.16 | affected |
| n/a | DedeCMS | 5.7.17 | affected |
| n/a | DedeCMS | 5.7.18 | affected |
| n/a | DedeCMS | 5.7.19 | affected |
| n/a | DedeCMS | 5.7.20 | affected |
| n/a | DedeCMS | 5.7.21 | affected |
| n/a | DedeCMS | 5.7.22 | affected |
| n/a | DedeCMS | 5.7.23 | affected |
| n/a | DedeCMS | 5.7.24 | affected |
| n/a | DedeCMS | 5.7.25 | affected |
| n/a | DedeCMS | 5.7.26 | affected |
| n/a | DedeCMS | 5.7.27 | affected |
| n/a | DedeCMS | 5.7.28 | affected |
| n/a | DedeCMS | 5.7.29 | affected |
| n/a | DedeCMS | 5.7.30 | affected |
| n/a | DedeCMS | 5.7.31 | affected |
| n/a | DedeCMS | 5.7.32 | affected |
| n/a | DedeCMS | 5.7.33 | affected |
| n/a | DedeCMS | 5.7.34 | affected |
| n/a | DedeCMS | 5.7.35 | affected |
| n/a | DedeCMS | 5.7.36 | affected |
| n/a | DedeCMS | 5.7.37 | affected |
| n/a | DedeCMS | 5.7.38 | affected |
| n/a | DedeCMS | 5.7.39 | affected |
| n/a | DedeCMS | 5.7.40 | affected |
| n/a | DedeCMS | 5.7.41 | affected |
| n/a | DedeCMS | 5.7.42 | affected |
| n/a | DedeCMS | 5.7.43 | affected |
| n/a | DedeCMS | 5.7.44 | affected |
| n/a | DedeCMS | 5.7.45 | affected |
| n/a | DedeCMS | 5.7.46 | affected |
| n/a | DedeCMS | 5.7.47 | affected |
| n/a | DedeCMS | 5.7.48 | affected |
| n/a | DedeCMS | 5.7.49 | affected |
| n/a | DedeCMS | 5.7.50 | affected |
| n/a | DedeCMS | 5.7.51 | affected |
| n/a | DedeCMS | 5.7.52 | affected |
| n/a | DedeCMS | 5.7.53 | affected |
| n/a | DedeCMS | 5.7.54 | affected |
| n/a | DedeCMS | 5.7.55 | affected |
| n/a | DedeCMS | 5.7.56 | affected |
| n/a | DedeCMS | 5.7.57 | affected |
| n/a | DedeCMS | 5.7.58 | affected |
| n/a | DedeCMS | 5.7.59 | affected |
| n/a | DedeCMS | 5.7.60 | affected |
| n/a | DedeCMS | 5.7.61 | affected |
| n/a | DedeCMS | 5.7.62 | affected |
| n/a | DedeCMS | 5.7.63 | affected |
| n/a | DedeCMS | 5.7.64 | affected |
| n/a | DedeCMS | 5.7.65 | affected |
| n/a | DedeCMS | 5.7.66 | affected |
| n/a | DedeCMS | 5.7.67 | affected |
| n/a | DedeCMS | 5.7.68 | affected |
| n/a | DedeCMS | 5.7.69 | affected |
| n/a | DedeCMS | 5.7.70 | affected |
| n/a | DedeCMS | 5.7.71 | affected |
| n/a | DedeCMS | 5.7.72 | affected |
| n/a | DedeCMS | 5.7.73 | affected |
| n/a | DedeCMS | 5.7.74 | affected |
| n/a | DedeCMS | 5.7.75 | affected |
| n/a | DedeCMS | 5.7.76 | affected |
| n/a | DedeCMS | 5.7.77 | affected |
| n/a | DedeCMS | 5.7.78 | affected |
| n/a | DedeCMS | 5.7.79 | affected |
| n/a | DedeCMS | 5.7.80 | affected |
| n/a | DedeCMS | 5.7.81 | affected |
| n/a | DedeCMS | 5.7.82 | affected |
| n/a | DedeCMS | 5.7.83 | affected |
| n/a | DedeCMS | 5.7.84 | affected |
| n/a | DedeCMS | 5.7.85 | affected |
| n/a | DedeCMS | 5.7.86 | affected |
| n/a | DedeCMS | 5.7.87 | affected |
Weaknesses
- CWE-94: CWE-94 Code Injection
ADP Enrichment
CVE Program Container
Additional References
- https://vuldb.com/?id.225941
- https://vuldb.com/?ctiid.225941
- https://gitee.com/ashe-king/cve/blob/master/dedecms%20rce2.md
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.225941
- https://vuldb.com/?ctiid.225941
- https://gitee.com/ashe-king/cve/blob/master/dedecms%20rce2.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.