PT-2023-22229 · Dedecms · Dedecms

Wenqifeng · Published 2023-05-27 · Updated 2024-05-17 · CVE-2023-2928

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DedeCMS versions up to 5.7.106

Description

A critical issue affects an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the allurls argument leads to code injection. The attack can be launched remotely.

Recommendations

For versions up to 5.7.106, consider disabling the functionality related to the allurls argument in the uploads/dede/article_allowurl_edit.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2023-2928

Affected Products

Dedecms