Dedecms: >> Dedecms >> 5.7.114 Security Vulnerabilities
A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263889 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.005
Published
2024-05-14
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-05-14
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-05-06
Page 2