CVE-2023-5301

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.111

Description A critical vulnerability was found in DedeCMS, affecting the AddMyAddon function of the album add.php file. The manipulation of the albumUploadFiles argument leads to os command injection. The attack can be initiated remotely.

Recommendations For DedeCMS version 5.7.111, as a temporary workaround, consider disabling the AddMyAddon function until a patch is available. Restrict access to the album add.php file to minimize the risk of exploitation. Avoid using the albumUploadFiles argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.