CVE-2023-43234

Name of the Vulnerable Software and Affected Versions DedeBIZ version 6.2.11

Description The issue concerns multiple remote code execution (RCE) vulnerabilities. These vulnerabilities are located at the "/admin/file manage control.php" API endpoint via the $activepath and $filename parameters.

Recommendations For DedeBIZ version 6.2.11, consider disabling access to the "/admin/file manage control.php" endpoint until a patch is available. Additionally, restrict the use of the $activepath and $filename parameters in this endpoint to minimize the risk of exploitation.