DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Dedecms
  • Dedecms

Configuration 1 [-]

cpe:2.3:a:dedecms:dedecms:6.1.9:*:*:*:*:*:*:*
References
Link Resource
https://gist.github.com/cai-niao98/77a7aa934492c2d651b37b75243eda0b Third Party Advisory
https://github.com/cai-niao98/Dedecmsv6 Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-09T00:00:00

Updated: 2022-11-09T00:00:00

Reserved: 2022-10-17T00:00:00

Link: CVE-2022-43031

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-11-09T21:15:17.707

Modified: 2022-11-10T14:24:43.443

Link: CVE-2022-43031

JSON object: View

cve-icon Redhat Information

No data.

CWE