CVE-2023-5268: DedeBIZ makehtml_taglist_action.php sql injection
First published: Fri Sep 29 2023(Updated: )
A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms v6 | =6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5268?
CVE-2023-5268 has been classified as critical due to its potential for remote SQL injection.
How do I fix CVE-2023-5268?
To fix CVE-2023-5268, it is recommended to update DedeBIZ to the latest version that addresses this vulnerability.
What is the impact of CVE-2023-5268?
The impact of CVE-2023-5268 includes unauthorized access to the database through SQL injection, which can lead to data breaches.
Which versions of DedeBIZ are affected by CVE-2023-5268?
CVE-2023-5268 affects DedeBIZ version 6.2.
Can CVE-2023-5268 be exploited remotely?
Yes, CVE-2023-5268 can be exploited remotely, allowing attackers to execute malicious SQL queries.
- agent/author
- agent/type
- agent/weakness
- agent/references
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/dedebiz
- canonical/dedecms v6
- version/dedecms v6/6.2