PT-2023-23451 · Dedecms · Dedecms
Sleepyvv · Published 2023-05-19 · Updated 2025-01-21
CVE-2023-31757
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DedeCMS versions up to 5.7.108
Description
The issue is a cross-site scripting (XSS) flaw that allows an attacker to execute malicious scripts. The flaw is in the sys_info.php file and is reachable through the parameters edit___cfg_powerby and edit___cfg_beian.
Recommendations
For DedeCMS versions up to 5.7.108, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the sys_info.php file and avoiding the use of the parameters edit___cfg_powerby and edit___cfg_beian until the issue is resolved.
Exploit
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Dedecms