CVE-2023-5301 — Vulnetix

CVE-2023-5301 PUBLISHED CVSS 4.699999809265137 MEDIUM

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940.

EPSS 0.59% · 69.7th percentile

Risk Scores

CVSS 3.1

4.699999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.59%

69.7th percentile

Affected Products

Vendor	Product	Versions
dedecms	dedecms	5.7.111, 5.7.111, 5.7.111
n/a	DedeCMS	5.7.111, 5.7.111, 5.7.111

Exploit Intelligence

CIRCL seen: CVE-2023-5301 (circl-sighting)
https://vuldb.com/?id.240940 (circl)
https://vuldb.com/?ctiid.240940 (circl)
https://github.com/Lamber-maybe/cve/blob/main/DedeCMS%20V5.7.111%20Remote%20Code%20Execution%20Vulnerability.md (cve.org)

Timeline

Sep 30, 2023 CVE Published
Sep 30, 2023 PoC Published
Oct 1, 2023 EPSS Score
Nov 2, 2023 EPSS Score
Dec 4, 2023 EPSS Score
Feb 5, 2024 EPSS Score
Mar 8, 2024 EPSS Score
Apr 9, 2024 EPSS Score
May 10, 2024 EPSS Score
Jul 13, 2024 EPSS Score
Aug 14, 2024 EPSS Score
Sep 14, 2024 EPSS Score

References

Open in Interactive Console →