CVE-2023-2059
published 2023-04-14


Priority: P2 79 · medium · CVSS 3.1 base score 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploited in the wild: yes (in-the-wild exploit; listed in VulnCheck KEV)
EPSS: 2.41% (82.0th percentile)
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.

Affected (1 range)

Vendor: dedecms · Product: dedecms · Version range and fixed-in version: not listed on this page

Detection & IOCs (extracted from sources)

path: /include/dialog/select_templets.php
url: /include/dialog/select_templets.php?f=form1.templetactivepath=%2ftemplets/../..\..\..\
  • Look for HTTP GET requests to select_templets.php whose 'activepath' parameter contains path traversal sequences (for example %2f, ../ and ..\ in combination) to detect exploitation attempts.
  • Responses to such a traversal request whose body contains strings such as 'dirname(__FILE__)', '$cfg_basedir' or 'dedecms' suggest that the traversal succeeded and PHP source or configuration content was disclosed.
  • Use Shodan/FOFA queries such as http.html:"dedecms", app="DedeCMS" or body="dedecms" to identify exposed DedeCMS instances that may be targeted.
  • The vulnerability is unauthenticated (PR:N): no credentials are required to exploit the directory traversal through the activepath parameter.
  • The traversal payload mixes a URL-encoded forward slash (%2f) with Unix-style (../) and Windows-style (..\) separators; a detection that matches only one literal spelling of '../' may miss it, so percent-decode and normalize separators before matching.
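The detection logic described in the bullets above, as an added example that is not part of the original page and not DedeCMS code: it parses combined-format access log lines, keeps only requests to select_templets.php, and decodes the raw activepath value in stages (repeated percent-decoding to catch double encoding, backslash-to-slash folding, slash collapsing) before matching a '..' path segment. The log lines are constructed for illustration; the function names (normalize_path_param, scan_log) are this example's own.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
# Line 1 mirrors the IOC URL on this page, line 2 is a double-encoded variant,
# lines 3 and 4 are benign requests that must not alert.
SAMPLE_LINES = r"""
203.0.113.5 - - [14/Apr/2023:10:01:02 +0000] "GET /include/dialog/select_templets.php?f=form1.templet&activepath=%2ftemplets/../..\..\..\ HTTP/1.1" 200 4123 "-" "curl/7.88.1"
203.0.113.6 - - [14/Apr/2023:10:01:03 +0000] "GET /include/dialog/select_templets.php?f=form1.templet&activepath=%252e%252e%2f%252e%252e%2f HTTP/1.1" 200 4100 "-" "python-requests/2.28"
198.51.100.7 - - [14/Apr/2023:10:02:00 +0000] "GET /include/dialog/select_templets.php?f=form1.templet&activepath=/templets/default HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.8 - - [14/Apr/2023:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
""".strip().split("\n")

# Request line inside a combined-format entry: method, target, HTTP version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')

# Path of the affected script (IOC on this page); matched as a suffix so
# installs under a prefix such as /uploads/ are also covered.
TARGET_SCRIPT = "/include/dialog/select_templets.php"

# A '..' path segment after normalization, at the start or after a slash.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def normalize_path_param(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) to defeat double encoding, then fold
    Windows-style backslashes into forward slashes and collapse slash runs, so
    '%2f..%5c', '..\\' and '../' all land on the same '../' token."""
    prev, decoded = None, value
    for _ in range(max_rounds):
        if decoded == prev:
            break
        prev, decoded = decoded, unquote(decoded)
    decoded = decoded.replace("\\", "/")
    return re.sub(r"/{2,}", "/", decoded)


def is_traversal(value: str) -> bool:
    """True when the (normalized) parameter value contains a '..' segment."""
    return TRAVERSAL_RE.search(normalize_path_param(value)) is not None


def raw_query_params(query: str) -> dict:
    """Split a query string without decoding values, so the detector sees the
    exact bytes the attacker sent and can decode them in controlled stages."""
    params: dict = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, val = pair.partition("=")
        params.setdefault(unquote(key), []).append(val)
    return params


def scan_log(lines) -> list:
    """Return one alert per request to select_templets.php whose activepath
    parameter contains a traversal sequence after normalization."""
    alerts = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not path.lower().endswith(TARGET_SCRIPT):
            continue
        for raw in raw_query_params(query).get("activepath", []):
            normalized = normalize_path_param(raw)
            if TRAVERSAL_RE.search(normalized):
                alerts.append({
                    "client": line.split()[0],
                    "raw": raw,
                    "normalized": normalized,
                })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LINES):
        print(f"{alert['client']}: activepath={alert['raw']!r} -> {alert['normalized']!r}")
```

The staged decoding is the important part: matching the literal string `../` against the raw request misses both the `%2f` form in the IOC URL and the double-encoded variant, while decoding once and comparing only forward slashes misses the `..\` segments. Bounding the decode loop keeps a pathological input from costing unbounded work.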

CVSS provenance

NVD, CVSS v3.1: 5.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
NVD, CVSS v2.0: 4.0 MEDIUM (AV:N/AC:L/Au:S/C:N/I:N/A:P)
VulnCheck: 4.3 MEDIUM

Note that the two NVD vectors disagree on the attack preconditions and impact: the v2.0 vector records single authentication (Au:S) and a partial availability impact, while the v3.1 vector records no privileges required (PR:N) and a low confidentiality impact. The unauthenticated reading above follows the v3.1 vector.