CVE-2023-37839

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.109

Description The issue is related to an arbitrary file upload vulnerability. It affects the /dede/file manage control.php endpoint, allowing attackers to execute arbitrary code by uploading a crafted PHP file.

Recommendations For DedeCMS version 5.7.109, consider removing or restricting access to the /dede/file manage control.php endpoint until a fix is available, and avoid uploading files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.