CVE-2023-5022: DedeCMS select_templets_post.php absolute path traversal
First published: Sun Sep 17 2023(Updated: )
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms Dedecms | <=5.7.100 | |
| <=5.7.100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2023-5022.
What is the severity of CVE-2023-5022?
The severity of CVE-2023-5022 is high, with a score of 8.8.
What is the affected software?
The affected software is DedeCMS up to version 5.7.100.
What is the vulnerability type?
The vulnerability type is path traversal.
How can I mitigate this vulnerability?
To mitigate this vulnerability, ensure that the software is updated to version 5.7.101 or later.
- collector/nvd-index
- agent/author
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- vendor/dedecms
- canonical/dedecms dedecms
- version/dedecms dedecms/5.7.100