A remote attacker could leverage these issues to execute arbitrary code in the context of the affected website.

An unauthenticated user could also access and modify the sensitive data of another user via the co_user parameter.

A remote attacker could access and potentially modify the data of another user via the co_user parameter.

An authenticated user could view the data of another user via the co_user parameter.

An authenticated user could access and potentially modify the data of another user via the co_user parameter.

Lastly, DedeCMS V5.7.97 was discovered to contain multiple SQL injection flaws at /dede/search.php via the q parameter.

A remote attacker could exploit these issues to obtain sensitive information from the database.


DedeCMS V5.7.97 was discovered to have a cross-site request forgery (CSRF) flaw at /dede/admin.php via the d parameter.

A remote attacker could exploit this issue to hijack the authentication of users for other sites.

DedeCMS V5.7.97 was discovered to have a reflected cross-site scripting (XSS) vulnerability at /dede/co_do.php via the r parameter.


DedeCMS V5.7.97 was discovered to have a SQL injection vulnerability at /dede/search.php via the q

DedeCMS V5.7.96

This version was discovered to contain multiple SQL injection flaws at /dede/search.php via the q parameter.

A remote attacker could exploit these issues to obtain sensitive information from the database.

An unauthenticated user could also access and modify the sensitive data of another user via the co_user parameter.

DedeCMS V5.7.96 was discovered to have a reflected cross-site scripting (XSS) vulnerability at /dede/co_do.php via the r parameter.

Timeline

Published on: 09/01/2022 18:15:00 UTC
Last modified on: 09/07/2022 13:24:00 UTC

References