CVE-2023-27709: SQL Injection
First published: Thu Mar 16 2023(Updated: )
SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms Dedecms | <=5.7.106 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2023-27709.
What is the affected software?
The affected software is DedeCMS version 5.7.106.
How severe is this vulnerability?
This vulnerability has a severity value of 7.2, which is categorized as high.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by sending malicious code through the rank_* parameter in the /dedestory_catalog.php endpoint.
Is there a fix for this vulnerability?
Yes, it is recommended to update to a patched version of DedeCMS to mitigate the SQL injection vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/dedecms
- canonical/dedecms dedecms
- version/dedecms dedecms/5.7.106