Urkc

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A vulnerability was found in DedeCMS, affecting an unknown function of the file /src/dede/sys safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the file /src/dede/sys safe.php until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A vulnerability was found in DedeCMS, affecting some unknown functionality of the file /src/dede/sys info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the file /src/dede/sys info.php until a patch is available. Avoid using the affected functionality of this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A vulnerability has been found in DedeCMS, affecting an unknown part of the file /src/dede/sys group add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the /src/dede/sys group add.php file until a patch is available. Avoid using this file in a way that could initiate a cross-site request forgery attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A vulnerability was found in DedeCMS, affecting unknown code of the file /src/dede/sys group edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the /src/dede/sys group edit.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A problematic issue has been found in DedeCMS, affecting the processing of the file /src/dede/sys multiserv.php. This leads to cross-site request forgery, which can be initiated remotely. The exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the /src/dede/sys multiserv.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic vulnerability was found in DedeCMS, affecting an unknown part of the file /src/dede/member type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the /src/dede/member type.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A vulnerability has been found in DedeCMS, affecting unknown code of the file /src/dede/shops delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. **Recommendations** For DedeCMS version 5.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A issue was found in the processing of the file /src/dede/tpl.php, which can lead to cross-site request forgery. The attack may be initiated remotely. **Recommendations** For DedeCMS version 5.7, consider restricting access to the /src/dede/tpl.php file until a patch is available. As a temporary workaround, avoid using the affected file for sensitive operations. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A problematic issue was found in DedeCMS, affecting an unknown function of the file /src/dede/mytag add.php. This issue leads to cross-site request forgery and can be exploited remotely. **Recommendations** For DedeCMS version 5.7, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A vulnerability was found in DedeCMS, affecting an unknown functionality of the file /src/dede/mytag edit.php. This issue leads to cross-site request forgery and can be launched remotely. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the /src/dede/mytag edit.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A problem was found in DedeCMS. It affects some unknown functionality of the file /src/dede/makehtml js action.php. The issue leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this issue but did not respond. **Recommendations** For DedeCMS version 5.7, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A problematic issue has been found in DedeCMS, affecting an unknown part of the file /src/dede/makehtml rss action.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit has been disclosed publicly. The vendor was contacted about this issue but did not respond. **Recommendations** For DedeCMS version 5.7, consider restricting access to the /src/dede/makehtml rss action.php file as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A problematic vulnerability was found in DedeCMS, affecting unknown code of the file /src/dede/makehtml map.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the /src/dede/makehtml map.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 **Description** A vulnerability was found in DedeCMS, affecting an unknown functionality of the file /src/dede/makehtml spec.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For DedeCMS version 5.7, as a temporary workaround, consider restricting access to the file /src/dede/makehtml spec.php until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.