CVE-2023-30380

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.107

Description The issue is related to a directory traversal vulnerability in the /dialog/select media.php component of DedeCMS. This vulnerability is caused by incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to read arbitrary files.

Recommendations For DedeCMS version 5.7.107, consider restricting access to the /dialog/select media.php component until a patch is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.