R21Z20

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.88 **Description** A flaw in the `base64 decode()` function within the '/plus/download.php?open=1' endpoint allows for server-side request forgery (SSRF), a condition where a server is tricked into making unauthorized requests to internal or external resources. This occurs through the manipulation of the `Link` argument, enabling remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/plus/download.php?open=1' endpoint or avoid using the `Link` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.88 **Description** An issue exists in the Feedback Handler component within the `/plus/feedback.php` file. A remote attacker can perform SQL injection, which is a technique used to manipulate database queries, by manipulating the `msg` argument passed to the `TrimMsg()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.88 **Description** A remote SQL injection is possible through the manipulation of the `msg` argument within the `dede htmlspecialchars()` function located in the '/plus/flink.php' file. **Recommendations** As a temporary workaround, restrict access to the '/plus/flink.php' file or avoid using the `msg` parameter until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.88 **Description** A security flaw exists in the `RemoveXSS()` function within the '/plus/carbuyaction.php' file. Remote attackers can perform SQL injection, which is a technique used to manipulate a database by inserting malicious SQL code into a query, by manipulating the `postname` and `des` arguments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/plus/carbuyaction.php' file or avoid using the `postname` and `des` arguments in that endpoint.

**Name of the Vulnerable Software and Affected Versions** GreenCMS versions prior to 2.3 **Description** A flaw in the `pluginAddLocal()` function within the '/index.php?m=admin&c=custom&a=pluginadd' endpoint allows for unrestricted file upload. This issue can be triggered remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GreenCMS versions prior to 2.3 **Description** A flaw in the `themeadd()` function within the '/index.php?m=admin&c=custom&a=themeadd' endpoint allows for unrestricted file upload. This issue can be exploited remotely. **Recommendations** As a temporary workaround, restrict access to the '/index.php?m=admin&c=custom&a=themeadd' endpoint or disable the `themeadd()` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.