CVE-2023-27709

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.106

Description A SQL injection issue allows a remote attacker to execute arbitrary code via the rank * parameter in the "/dedestory catalog.php" endpoint.

Recommendations For DedeCMS version 5.7.106, as a temporary workaround, consider restricting access to the "/dedestory catalog.php" endpoint until a patch is available. Avoid using the rank * parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.