An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php.
References
| Link | Resource |
|---|---|
| https://github.com/Stoocea/Vulnerability-analysis-Notes/blob/main/cms/DedeCMS-V5.7.114%20%20Arbitrary%20file%20read%20vulnerability.md | Broken Link Exploit Third Party Advisory |
| https://github.com/Stoocea/Vulnerability-analysis-Notes/blob/main/cms/DedeCMS-V5.7.114%20%20Arbitrary%20file%20read%20vulnerability.md | Broken Link Exploit Third Party Advisory |
Configurations
History
01 Apr 2025, 18:05
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Stoocea/Vulnerability-analysis-Notes/blob/main/cms/DedeCMS-V5.7.114%20%20Arbitrary%20file%20read%20vulnerability.md - Broken Link, Exploit, Third Party Advisory | |
| First Time |
Dedecms dedecms
Dedecms |
|
| CPE | cpe:2.3:a:dedecms:dedecms:5.7.114:*:*:*:*:*:*:* |
21 Nov 2024, 09:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Stoocea/Vulnerability-analysis-Notes/blob/main/cms/DedeCMS-V5.7.114%20%20Arbitrary%20file%20read%20vulnerability.md - |
27 Oct 2024, 03:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| Summary |
|
|
| CWE | CWE-22 |
14 May 2024, 15:38
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-14 15:38
Updated : 2025-04-01 18:05
NVD link : CVE-2024-34245
Mitre link : CVE-2024-34245
CVE.ORG link : CVE-2024-34245
JSON object : View
Products Affected
dedecms
- dedecms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')