Taroballzchen

#18931 of 53,630
14.2 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2021-19653 · CVSS 8.8 · 2021-05-14
Dedecms · Dedecms · CVE-2021-32073
**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 SP2

**Description** The issue allows a remote attacker to send a malicious request to the web manager, enabling remote code execution. This is made possible by a CSRF vulnerability.

**Recommendations** For DedeCMS version 5.7 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-9873 · CVSS 5.4 · 2021-05-14
Dedecms · Dedecms · CVE-2020-16632
**Name of the Vulnerable Software and Affected Versions** DedeCMS version V5.7 SP2

**Description** An XSS issue in the "/uploads/dede/action search.php" endpoint allows an authenticated user to remotely execute arbitrary code via the `keyword` parameter.

**Recommendations** For DedeCMS version V5.7 SP2, as a temporary workaround, consider restricting access to the "/uploads/dede/action search.php" endpoint until a patch is available. Avoid using the `keyword` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.