PT-2024-24091 · Dedecms · Dedecms

Urkc · Published 2024-04-02 · Updated 2025-01-15 · CVE-2024-3146

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7

Description: A problematic issue has been found in DedeCMS, affecting an unknown part of the file /src/dede/makehtml_rss_action.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit has been disclosed publicly. The vendor was contacted about this issue but did not respond.

Recommendations: For DedeCMS version 5.7, consider restricting access to the /src/dede/makehtml_rss_action.php file as a temporary workaround until a patch is available.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-3146

Affected Products: Dedecms