dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Dedecms
  • Dedecms

Configuration 1 [-]

cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*
References
Link Resource
https://gist.github.com/yinfei6/f2b311374de4b4cec1dc22433d38c92a Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-27T00:00:00

Updated: 2022-12-27T00:00:00

Reserved: 2022-12-05T00:00:00

Link: CVE-2022-46442

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-12-27T22:15:15.140

Modified: 2023-01-06T01:53:12.367

Link: CVE-2022-46442

JSON object: View

cve-icon Redhat Information

No data.

CWE