CVE-2023-5022

High

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown…

VulDB·CWE-36·Published 2023-09-17

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgde

331 chars

In DedeCMS bis 5.7.100 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /include/dialog/select_templets_post.php. Durch Manipulieren des Arguments activepath mit unbekannten Daten kann eine absolute path traversal-Schwachstelle ausgenutzt werden.

cve.orgen

337 chars

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863.

NVDen

337 chars

NVDes

348 chars

Una vulnerabilidad ha sido encontrada en DedeCMS hasta 5.7.100 y clasificada como crítica. Una función desconocida del archivo /include/dialog/select_templets_post.php es afectada por esta vulnerabilidad. La manipulación del argumento ruta activa conduce a un Path Traversal absoluto. El identificador asociado de esta vulnerabilidad es VDB-239863.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	cve.org	5.2	—	—	AV:A/AC:L/Au:S/C:P/I:P/A:P
2.0	Primary	cve.org	5.2	—	—	AV:A/AC:L/Au:S/C:P/I:P/A:P
2.0	Secondary	NVD	5.2	5.1	6.4	AV:A/AC:L/Au:S/C:P/I:P/A:P
3.0	Primary	cve.org	5.5	—	—	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.0	Primary	cve.org	5.5	—	—	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	5.5	—	—	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.1	Primary	cve.org	5.5	—	—	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.1	Secondary	NVD	5.5	2.1	3.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L