CVE-2017-17731
Published 2017-12-18

CVE-2017-17731: DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
Priority: P180 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Status: ITW · EXPLOIT · VulnCheck KEV (exploited in the wild)
EPSS: 13.19% (95.9th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dedecms | dedecms | <= 5.7 | — |
Detection & IOCs (extracted from sources)
url: {{BaseURL}}/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@`\%27`%20/*!50000union*//*!50000select*/1,2,3,md5({{num}}),5,6,7,8,9%23@`\%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294
- Exploit targets plus/recommend.php via GET request injecting SQL through the _FILES[type][tmp_name] query parameter using MySQL inline comment bypass (/*!50000union*//*!50000select*/) and backtick quoting.
- Successful exploitation returns HTTP 200 with the MD5 hash of the probe value (999999999) reflected in the response body; match on md5(999999999) = '000b28f0a435842e4a36e3d9c6f5e6e5' in the response.
- Shodan/FOFA fingerprinting: hunt for DedeCMS instances via HTML body keywords 'DedeCms', 'dedecms' or CPE cpe:2.3:a:dedecms:dedecms.
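
A log-side check for the request shape described in the first item above, as an added example that is not part of the original page or of any vendor rule. It assumes combined-format access logs; the function names, keyword list and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request line of a combined-format access log entry (assumed log format).
REQ_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# MySQL versioned comment, e.g. /*!50000union*/ ; group 1 is the hidden token.
VERSIONED_RE = re.compile(r"/\*!\d*(.*?)\*/", re.S)
SQL_RE = re.compile(r"\b(union|select|sleep|benchmark|updatexml|extractvalue)\b", re.I)

def classify(line):
    """Return None, 'files-param' or 'files-param+sql' for one log line."""
    m = REQ_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not unquote(path).lower().endswith("/plus/recommend.php"):
        return None
    verdict = None
    for name, value in parse_qsl(query, keep_blank_values=True):
        # PHP fills $_FILES from multipart bodies, so a query parameter named
        # _FILES[...] is suspicious by itself. parse_qsl decoded once; decode
        # again to catch double-encoded names and values.
        if not unquote(name).upper().startswith("_FILES["):
            continue
        verdict = "files-param"
        # Unwrap versioned comments first: "50000union" has no word boundary
        # before "union", so a plain keyword match would miss it.
        if SQL_RE.search(VERSIONED_RE.sub(r" \1 ", unquote(value))):
            return "files-param+sql"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(n, v) for n, v in ((n, classify(l)) for n, l in enumerate(lines, 1)) if v]

# Constructed sample log lines (documentation IP ranges, shortened payload).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Aug/2024:10:00:00 +0000] "GET /plus/recommend.php?aid=12 HTTP/1.1" 200 734',
    '203.0.113.7 - - [10/Aug/2024:10:00:01 +0000] "GET /plus/recommend.php?action=&aid=1'
    '&_FILES[type][tmp_name]=%27%20or%20mid=1%20/*!50000union*//*!50000select*/1,2,3%23'
    '&_FILES[type][name]=1.jpg HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Aug/2024:10:00:02 +0000] "GET /plus/recommend.php?%5FFILES[type][name]=1.jpg HTTP/1.1" 200 90',
    '198.51.100.5 - - [10/Aug/2024:10:00:03 +0000] "GET /index.php?_FILES[x]=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(lineno, verdict)
```

The 'files-param' verdict alone is worth alerting on for this endpoint, since the parameter name has no legitimate use in a query string.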
CVSS provenance
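| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 9.8 | CRITICAL | |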
GHSA
GHSA-vcxc-4jrg-532r: DedeCMS through 5
ghsa_unreviewed·2022-05-14
CVE-2017-17731 [CRITICAL] CWE-89 GHSA-vcxc-4jrg-532r: DedeCMS through 5
VulnCheck
dedecms dedecms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2017·CVSS 9.8
CVE-2017-17731 [CRITICAL] dedecms dedecms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: dedecms dedecms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389; https://app.crowdsec.net/cti/cve-explorer/CVE-2017-17731
No detection rules found.
Nuclei
DedeCMS 5.7 - SQL Injection
nuclei·CVSS 9.8
CVE-2017-17731 [CRITICAL] DedeCMS 5.7 - SQL Injection
Template:
```yaml
id: CVE-2017-17731

info:
  name: DedeCMS 5.7 - SQL Injection
  author: j4vaovo
  severity: critical
  description: |
    DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Apply the latest security patch or upgrade to a newer version of DedeCMS to mitigate the SQL Injection vulnerability.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17731
    - https://nvd.nist.gov/vuln/detail/CVE-2017-17731
    - https://blog.csdn
```