CVE Details
Basic Information
| Title | DedeCMS Template dedetag.class.php command injection |
|---|---|
| Type | cve |
| Published | 2025-06-20T11:00:19.524Z |
| Last Seen |
Product Information
| Vendor | n/a |
|---|---|
| Product | DedeCMS |
| Version | 5.7.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in DedeCMS allows remote attackers to inject commands via the Template Handler’s notes argument, potentially leading to server compromise. |
|---|---|
| AI Severity | Critical |
| Vendor | DedeCMS Community |
| Product | DedeCMS |
| Affected Version | 5.7.0, 5.7.1, 5.7.2 |
Affected Products
- n/a DedeCMS 5.7.0
- n/a DedeCMS 5.7.1
- n/a DedeCMS 5.7.2
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-77, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.