PT-2024-38674 · Dedebiz · Dedebiz

Dee.Mirage · Published 2024-08-18 · Updated 2024-08-25 · CVE-2024-7904

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.3.0
Description: A critical issue was found in DedeBIZ 6.3.0 in the file admin/file_manage_control.php of the File Extension Handler component; the affected functionality is not further specified. Manipulation of the upfile1 argument leads to an unrestricted file upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Recommendations: For DedeBIZ version 6.3.0, update to version 6.3.1 as soon as possible. As a temporary workaround, restrict access to admin/file_manage_control.php and the upfile1 argument to minimize the risk of exploitation. Since the vector lists PR:L, exploitation requires at least a low-privileged account, so limiting who can reach the admin area reduces exposure, but only the update removes the flaw.

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2024-7904

Affected Products: Dedebiz