CVE-2024-52769

Name of the Vulnerable Software and Affected Versions DedeBIZ version 6.3.0

Description An arbitrary file upload issue in the /admin/friendlink edit component allows attackers to execute arbitrary code by uploading a crafted file. The friendlink edit component is vulnerable to this issue, which can be exploited by uploading malicious files.

Recommendations For DedeBIZ version 6.3.0, consider restricting access to the /admin/friendlink edit component until a patch is available. As a temporary workaround, avoid using the file upload functionality in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.