CVE-2023-5022

HIGH Year: 2023
CVSS v3 Score
8.8
High
CVSS v2 Score
5.2
Medium
Weakness Type
CWE-36
View all →

Vulnerability Description

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863.

Related Vulnerabilities

CVE-2022-20958

HIGH
CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack o...

CWE-362022

CVE-2023-40597

HIGH
CVSS:8.8(High)

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

CWE-362023

CVE-2024-21323

HIGH
CVSS:8.8(High)

Microsoft Defender for IoT Remote Code Execution Vulnerability

CWE-362024

CVE-2024-29053

HIGH
CVSS:8.8(High)

Microsoft Defender for IoT Remote Code Execution Vulnerability

CWE-362024

CVE-2024-45291

HIGH
CVSS:8.8(High)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images ha...

CWE-362024

CVE-2024-33620

HIGH
CVSS:8.6(High)

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server m...

CWE-362024