PT-2026-27447 · Dedecms · Dedecms
Peng Wu
·
Publicado
2026-03-24
·
Atualizado
2026-03-24
·
CVE-2026-29839
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
DedeCMS version 5.7.118
Description
The software contains a Cross-Site Request Forgery (CSRF) issue in the
/sys task add.php file. A Cross-Site Request Forgery attack allows an attacker to induce a user to perform unwanted actions on a web application in which they’re currently authenticated. The vulnerable file is /sys task add.php.Recommendations
Update to a newer version of DedeCMS that addresses this issue. As a temporary workaround, consider implementing CSRF protection mechanisms for the
/sys task add.php endpoint.Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dedecms