Summaryinfo

A vulnerability has been found in DedeCMS 5.7.112 and classified as problematic. This vulnerability affects unknown code of the component File Manager. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2023-52047. The attack can be initiated remotely. There is not any exploit available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability has been found in DedeCMS 5.7.112 (Content Management System) and classified as problematic. Affected by this vulnerability is an unknown part of the component File Manager. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. The CWE definition for the vulnerability is CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. As an impact it is known to affect integrity. The summary by CVE is:

Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.

The weakness was released 02/28/2024. The advisory is shared at github.com. This vulnerability is known as CVE-2023-52047 since 12/26/2023. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Content Management System

Name

• DedeCMS

Version

• 5.7.112

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion