PT-2024-32876 · Dedecms · Gatsby

Published 2024-05-11 · Updated 2024-07-06 · CVE-2024-4790

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114

Description: A path traversal vulnerability has been found in DedeCMS, affecting the file /sys_verifies.php?action=view. Manipulating the filename argument with the input ../../../../../etc/passwd leads to path traversal and disclosure of files outside the web root. The attack can be initiated remotely, requires no authentication or user interaction, and affects confidentiality only (C:H in the CVSS vector). The exploit has been disclosed to the public and may be used.

Recommendations: For DedeCMS version 5.7.114, patch immediately to prevent file disclosure and monitor web server logs for exploit attempts against the affected endpoint. As a temporary workaround, restrict access to the /sys_verifies.php?action=view endpoint (for example, to administrator IP ranges) until a patch is available. Avoid using the filename argument in the affected endpoint until the issue is resolved.
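The following is an added example and not code from the advisory or from the DedeCMS project. It shows the two defensive measures the recommendation asks for: a containment check that canonicalises a user-supplied filename and rejects anything that resolves outside the install root, and a log scan that applies the same check to requests against the affected endpoint to surface exploit attempts. The install root `/var/www/dedecms`, the `/dede/` URL prefix and the combined-format log lines are constructed assumptions; only the endpoint name and the `action`/`filename` parameters come from the advisory.

```python
import os
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical install root for the CMS; not a path taken from the advisory.
BASE_DIR = "/var/www/dedecms"


def resolve_safe_path(base_dir: str, requested: str):
    """Canonicalise `requested` relative to base_dir and return the absolute
    path only if it stays inside base_dir. Returns None for anything that
    escapes: ../ sequences, absolute paths, or percent-encoded dots."""
    base = os.path.realpath(base_dir)
    # Decode once more so a percent-encoded payload is normalised before the
    # containment check (handles a doubly-encoded query value after parse_qs).
    candidate = os.path.realpath(os.path.join(base, unquote(requested)))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


# Constructed access-log lines in Apache/nginx combined format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/May/2024:10:00:01 +0000] "GET /dede/sys_verifies.php?action=view&filename=templets/default/index.htm HTTP/1.1" 200 4096',
    '198.51.100.7 - - [11/May/2024:10:00:02 +0000] "GET /dede/sys_verifies.php?action=view&filename=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1850',
    '198.51.100.7 - - [11/May/2024:10:00:03 +0000] "GET /dede/sys_verifies.php?action=view&filename=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1850',
    '192.0.2.9 - - [11/May/2024:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 9000',
]


def flag_traversal_requests(log_lines, base_dir=BASE_DIR):
    """Return (client_ip, decoded_filename) for every request that hits the
    affected endpoint with action=view and a filename that would escape
    base_dir. Uses the same containment check as the server-side fix, so
    encoded variants are judged by where they resolve, not by pattern."""
    flagged = []
    for line in log_lines:
        try:
            request = line.split('"')[1]          # 'GET /path?query HTTP/1.1'
            _method, target, _proto = request.split(" ", 2)
        except (IndexError, ValueError):
            continue                              # malformed line, skip it
        parts = urlsplit(target)
        if not parts.path.endswith("/sys_verifies.php"):
            continue
        query = parse_qs(parts.query)             # decodes percent-encoding once
        if query.get("action", [""])[0] != "view":
            continue
        filename = query.get("filename", [""])[0]
        if filename and resolve_safe_path(base_dir, filename) is None:
            client_ip = line.split(" ", 1)[0]
            flagged.append((client_ip, unquote(filename)))
    return flagged


if __name__ == "__main__":
    for ip, name in flag_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: filename={name!r}")
```

The containment check compares canonical paths rather than searching for `../`, so it also rejects absolute paths and symlink escapes; `realpath` is what makes that comparison meaningful. The log scan reuses it so that detection and mitigation agree on what counts as an escape, and the third sample line shows why a second `unquote` matters: a doubly-encoded payload survives the single decode done by `parse_qs`.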

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2024-4790

Affected Products: Dedecms