Fishkey1

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A Cross-Site Request Forgery (CSRF) issue was found in DedeCMS via the `/src/dede/member scores.php` endpoint. This allows for malicious requests to be made on behalf of the user. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the `/src/dede/member scores.php` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.