CVE-2024-3685

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.112-UTF8

Description A critical issue was found in DedeCMS, affecting an unknown function of the file stepselect main.php. The manipulation of the ids argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For DedeCMS version 5.7.112-UTF8, as a temporary workaround, consider restricting access to the stepselect main.php file until a patch is available. Avoid using the ids argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.