CVE-2023-5301 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-5301 PUBLISHED CVSS 4.699999809265137 MEDIUM

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940.

EPSS 0.59% · 69.1th percentile

Risk Scores

CVSS v3.1

4.699999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.59%

69.1th percentile

Affected Products

Vendor	Product	Versions
dedecms	dedecms	5.7.111, 5.7.111, 5.7.111
n/a	DedeCMS	5.7.111, 5.7.111, 5.7.111

Timeline

Sep 30, 2023 CVE Published
Sep 30, 2023 PoC Published
Oct 1, 2023 EPSS Score
Nov 1, 2023 EPSS Score
Dec 2, 2023 EPSS Score
Feb 3, 2024 EPSS Score
Mar 5, 2024 EPSS Score
Apr 5, 2024 EPSS Score
May 6, 2024 EPSS Score
Jul 8, 2024 EPSS Score
Aug 8, 2024 EPSS Score
Sep 8, 2024 EPSS Score

References

Open in Interactive Console →