PT-2024-22336 · Dedecms · Dedecms

Ssl_Seven_Security Lab_Wangzhiqiang_Xiaozilong

Published 2024-03-22 · Updated 2025-09-29 · CVE-2024-2821

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7
Description: A cross-site request forgery (CSRF) vulnerability classified as problematic has been found in DedeCMS 5.7, in the back-end file /src/dede/friendlink_edit.php (the friend-link editing function). A forged request that sets the id argument is processed without an effective CSRF check, so an attacker who lures an authenticated administrator to a page they control can have the victim's browser submit the request and alter friend-link data on the site. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted about this disclosure but did not respond.
Recommendations: At the moment there is no information about a newer version that contains a fix for this issue. For DedeCMS 5.7, as a temporary workaround, consider disabling the friend-link editing functionality (/src/dede/friendlink_edit.php) until a patch is available, or restricting access to the back-end directory that contains it to trusted addresses (for example with a web-server IP allow-list). CSRF only works when the victim's browser holds a valid administrator session, so administrators should also log out of the back end before browsing untrusted sites. A permanent fix requires the handler to accept state-changing requests only over POST and only when they carry a valid per-session anti-CSRF token.
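The generic protection that closes this class of issue, shown as an added example for this advisory (it is not DedeCMS code and does not describe how DedeCMS validates requests). The function names, the session array layout, the expected site origin and both sample requests are assumptions constructed for illustration; the only real APIs used are PHP's random_bytes, hash_equals and parse_url.

```php
<?php
// Added example: generic CSRF protection for a state-changing admin action.
// This is NOT DedeCMS code; the handler, session layout and sample requests
// are assumptions constructed for illustration.

declare(strict_types=1);

const CSRF_TOKEN_KEY = 'csrf_token';

/** Create (once per session) a random token and store it in the session array. */
function csrf_issue_token(array &$session): string
{
    if (empty($session[CSRF_TOKEN_KEY])) {
        $session[CSRF_TOKEN_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_TOKEN_KEY];
}

/** Compare the scheme://host[:port] part of a URL against the expected origin. */
function origin_matches(string $url, string $siteOrigin): bool
{
    $p = parse_url($url);
    $e = parse_url($siteOrigin);
    if ($p === false || $e === false || !isset($p['scheme'], $p['host'], $e['scheme'], $e['host'])) {
        return false;
    }
    $normalise = static fn(array $u): string =>
        strtolower($u['scheme']) . '://' . strtolower($u['host'])
        . (isset($u['port']) ? ':' . $u['port'] : '');
    return $normalise($p) === $normalise($e);
}

/**
 * Decide whether a state-changing request is genuine.
 *
 * $request is a normalised view of the HTTP request (assumed shape):
 *   'method'  => 'GET' | 'POST' | ...
 *   'post'    => array of POST fields, including the echoed token
 *   'headers' => array with optional 'Origin' and 'Referer'
 * $session is the server-side session that holds the issued token.
 * $siteOrigin is the expected origin of the admin UI.
 */
function csrf_request_is_genuine(array $request, array $session, string $siteOrigin): bool
{
    // 1. State changes must not be reachable with GET: a bare <img src=...> or a
    //    link on an attacker's page would otherwise be enough to trigger them.
    if (($request['method'] ?? 'GET') !== 'POST') {
        return false;
    }

    // 2. The session must already hold a token and the form must echo it back.
    //    hash_equals avoids leaking the token through timing differences.
    $expected  = $session[CSRF_TOKEN_KEY] ?? '';
    $submitted = $request['post'][CSRF_TOKEN_KEY] ?? '';
    if ($expected === '' || !is_string($submitted) || !hash_equals($expected, $submitted)) {
        return false;
    }

    // 3. Defence in depth: if the browser sent Origin or Referer it must match our
    //    site. A missing header is tolerated (privacy settings strip it); a foreign one is not.
    $headers = $request['headers'] ?? [];
    foreach (['Origin', 'Referer'] as $name) {
        if (isset($headers[$name]) && !origin_matches((string) $headers[$name], $siteOrigin)) {
            return false;
        }
    }
    return true;
}

// ---- Constructed demonstration (not real traffic) ----
$session = [];
$token = csrf_issue_token($session);   // would be emitted into the edit form as a hidden field
$site  = 'https://cms.example.test';   // assumed origin of the admin UI

// Legitimate submission from the site's own edit form: right method, token and origin.
$genuine = [
    'method'  => 'POST',
    'post'    => ['id' => '7', 'url' => 'https://partner.example.test', CSRF_TOKEN_KEY => $token],
    'headers' => ['Origin' => 'https://cms.example.test'],
];

// Forged submission: an attacker's page auto-submits a form naming the same id.
// The victim's browser attaches the session cookie, but the attacker cannot know the token.
$forged = [
    'method'  => 'POST',
    'post'    => ['id' => '7', 'url' => 'https://attacker.example.test'],
    'headers' => ['Origin' => 'https://attacker.example.test'],
];

// A GET that names the right id but carries no token is rejected by the method check alone.
$viaGet = ['method' => 'GET', 'post' => [], 'headers' => []];

echo 'genuine: ', var_export(csrf_request_is_genuine($genuine, $session, $site), true), PHP_EOL;
echo 'forged:  ', var_export(csrf_request_is_genuine($forged, $session, $site), true), PHP_EOL;
echo 'via GET: ', var_export(csrf_request_is_genuine($viaGet, $session, $site), true), PHP_EOL;
```

The three checks are ordered so that the cheapest rejection comes first: the GET request never reaches the token comparison, the forged POST fails at the token check before its foreign Origin is even examined, and only the request that carries the session's own token and a matching origin is treated as genuine. The Origin/Referer comparison is a secondary control and is deliberately not relied on alone, because browsers and proxies may strip those headers.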

Weakness Enumeration

CSRF

Related Identifiers

CVE-2024-2821

Affected Products

Dedecms