CVE-2023-5022

Summary

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863.

Affected Software

VendorProductVersion RangeStatus
n/aDedeCMS5.0affected
n/aDedeCMS5.1affected
n/aDedeCMS5.2affected
n/aDedeCMS5.3affected
n/aDedeCMS5.4affected
n/aDedeCMS5.5affected
n/aDedeCMS5.6affected
n/aDedeCMS5.7affected

Weaknesses

  • CWE-36: CWE-36 Absolute Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References