PT-2023-28756 · Dedecms · Dedecms

Published: 2023-11-16 · Updated: 2024-08-14 · CVE-2023-43275

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the backend management interface. Because the token value of the submitted form is not verified at the "/catalog_add.php" API endpoint, an attacker can craft a web page that causes an authenticated administrator's browser to submit a forged request to that endpoint.

Recommendations: For DedeCMS version 5.7, consider disabling access to the "/catalog_add.php" endpoint until a patch is available. Reject form submissions whose token value has not been verified to minimize the risk of CSRF attacks.

Exploit · Fix

Weakness Enumeration: CSRF

Related Identifiers: CVE-2023-43275

Affected Products: Dedecms