CVE-2022-40886: DedeCMS 5.7.98 has a file upload vulnerability in the administrative backend.

The uploaded file can be executed on the server. This is possible because a PHP web server runs any file under the document root whose name maps to the PHP handler, so an upload check that can be bypassed turns into code execution. The vulnerability is exploited by uploading a specially crafted file, disguised as an image, through the backend upload function. The upload function sits behind the backend login, so the attacker needs administrator credentials, or needs a logged-in administrator to upload the attacker's file for them. Once the file is in place, the attacker can run code on the server, which can lead to a wide range of follow-on attacks such as data exfiltration, installation of malware, and so on. DedeCMS has a fixed version, 5.7.99.

Another major vulnerability in DedeCMS is a file upload XSS vulnerability. To exploit it, the attacker uploads a specially crafted file (for example, a file containing HTML or script rather than image data) to the server. When a user then opens that file in the browser, the script runs in the user's browser within the origin of the site, not on the server. From there the attacker can steal the user's session, perform actions with the user's privileges, or exfiltrate data the user can see. DedeCMS has a fixed version, 5.7.99; the affected release is 5.7.98.
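The two problems above share one root cause: the backend trusts what the client says about an uploaded file (its name, its extension, its Content-Type) instead of what the bytes are, and then serves the result from the web root. The handler below is an added example, not DedeCMS code and not the fix shipped in 5.7.99; it shows the checks a hardened upload path needs for the RCE case (sniff the real type, re-encode the image so a PHP polyglot payload cannot survive, store under a random name outside the document root) and for the stored-XSS case (serve uploads with forced download and nosniff so the browser never renders them in the site's origin). It assumes PHP 8 with the fileinfo and GD extensions; the upload directory, size limits and form field name are assumptions for illustration.

```php
<?php
// Added example, not DedeCMS code. Assumptions: PHP 8 with the fileinfo and GD
// extensions; UPLOAD_DIR is writable by the PHP user and sits outside the web root.
declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/cms-uploads';   // assumed path, outside the document root
const MAX_BYTES  = 2 * 1024 * 1024;           // assumed size limit
const MAX_DIM    = 8192;                      // assumed width/height cap (decompression bombs)

// Allow-list keyed by the MIME type sniffed from the file's bytes.
// The client-supplied filename and Content-Type header are never consulted.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validate one $_FILES entry and store a re-encoded copy under a random name.
 * Returns the stored file name; throws on any failure.
 */
function storeImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Reject anything that did not arrive through PHP's own upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // 1. Decide the type from the bytes, not from "shell.php.jpg" or the client header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('rejected type: ' . (string) $mime);
    }

    // 2. Header check before decoding: the image must parse as that type and must be
    //    small enough to decode safely (a tiny PNG can expand to gigabytes in memory).
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime || $info[0] > MAX_DIM || $info[1] > MAX_DIM) {
        throw new RuntimeException('not a valid image, or too large to decode');
    }

    // 3. Decode and write a fresh encoding. Anything riding along in EXIF/XMP metadata
    //    or appended after the image data (where a "<?php" payload usually hides)
    //    does not survive re-encoding.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 4. Server-generated name: no user-controlled characters, extension from ALLOWED.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($img, $dest, 90),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable by the PHP user only, never executable
    return $name;
}

/**
 * Serve a stored file. Forced download plus nosniff means that even if an HTML or
 * SVG file somehow reached UPLOAD_DIR, the browser would not render it in the CMS
 * origin, which closes the stored-XSS path.
 */
function serveImage(string $name): void
{
    // Accept only names that storeImage() can produce.
    if (!preg_match('/^[0-9a-f]{32}\.(jpg|png|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . (new finfo(FILEINFO_MIME_TYPE))->file($path));
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Usage inside the authenticated backend action (assumed form field name "image"):
// $stored = storeImage($_FILES['image']);
// and in a download route:
// serveImage($_GET['f'] ?? '');
```

Re-encoding is the step that matters most against "special image files": extension and MIME checks can all be satisfied by a valid JPEG with PHP appended to it, but the decoder discards the appended bytes. Treat the web server as a second layer regardless of how good the handler is: keep the upload directory out of the document root, or, if it must be served directly, switch PHP off for it (for Apache with mod_php, `php_admin_flag engine off` in that directory's configuration; for nginx, make sure no `location` passes files under the upload path to FastCGI).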

Install DedeCMS on Linux

DedeCMS is a PHP application, so there is nothing to compile on Linux: it is deployed by unpacking the release into a web server (Apache or Nginx) that has PHP and MySQL available and then running the web installer. Follow the instructions on the project's website for the supported PHP and MySQL versions. After installation, remove the installer files, keep the backend login restricted to the administrators who need it, and make sure the web server does not execute PHP from the directories that hold uploaded files.

Timeline

Published on: 10/03/2022 02:15:00 UTC
Last modified on: 10/04/2022 18:57:00 UTC
