PT-2024-16783 · Dedecms
Falling-Snow · Published 2024-11-12 · Updated 2024-12-10
CVE-2024-11138 · CVSS v3.1 9.8 (Critical) · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116
Description: A vulnerability has been found in DedeCMS, affecting the file /dede/uploads/dede/friendlink_add.php. Manipulation of the logoimg argument leads to unrestricted file upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Because an uploaded file can be placed where the web server will serve it, this issue poses a potential risk of remote code execution.
Recommendations: For DedeCMS version 5.7.116, patch immediately to prevent potential exploitation and monitor for exploit attempts. As a temporary workaround, consider restricting access to the friendlink_add.php file or disabling the logoimg argument until a patch is available.
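The advisory recommends monitoring for exploit attempts. One concrete check a defender can run is an audit of the site's upload tree for files that an image-only upload should never produce: script extensions, image extensions without matching magic bytes, or PHP open tags embedded in an otherwise valid image. The following is an added example, not code from DedeCMS or from this advisory; it assumes the operator points it at the real upload directory, and the sample tree it builds is constructed test data.

```python
import os
import re
import tempfile

# Magic bytes a genuine logo should start with (assumed allow-list: PNG/GIF/JPEG).
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
    ".jpg": b"\xff\xd8\xff",
}
SCRIPT_EXT = {".php", ".php5", ".phtml", ".phar"}  # PHP-executable; never expected in uploads
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def inspect_file(path):
    """Return a short reason if the file looks like upload abuse, else None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(4096)  # signatures and PHP tags sit in the first bytes
    if ext in SCRIPT_EXT:
        return "script extension in upload tree"
    if ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[ext]):
        return "image extension but no matching magic bytes"
    if PHP_TAG.search(head):
        return "PHP open tag inside uploaded file"
    return None

def audit_uploads(root):
    """Walk an upload directory and map relative path -> reason for every hit."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = inspect_file(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def build_sample_tree():
    """Constructed sample upload directory (not real site data) for a dry run."""
    root = tempfile.mkdtemp(prefix="dede_uploads_")
    samples = {
        "logo_ok.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "logo.php": b"<?php echo 1; ?>",
        "fake.jpg": b"<?php echo 1; ?>",
        "poly.png": b"\x89PNG\r\n\x1a\n" + b"<?php echo 1; ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root
```

Run `audit_uploads("<path to the DedeCMS upload directory>")` on the live tree; any hit is a candidate for incident response, and a clean result does not prove the absence of other upload paths.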

Weakness Enumeration: Improper Access Control; Unrestricted File Upload
Related Identifiers: CVE-2024-11138
Affected Products: Dedecms