CVE-2023-2059
published 2023-04-14CVE-2023-2059: A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file…
PriorityP279medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
2.41%
82.0th percentile
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dedecms | dedecms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for HTTP GET requests to select_templets.php with the 'activepath' parameter containing path traversal sequences (e.g., %2f, ../, ..\ combinations) to detect exploitation attempts. ↗
- →Responses containing 'dirname(__FILE__)', '$cfg_basedir', or 'dedecms' strings in the body following a traversal request indicate successful exploitation and disclosure of PHP source/config files. ↗
- →Use Shodan/FOFA queries to identify exposed DedeCMS instances as potential targets: http.html:"dedecms", app="DedeCMS", body="dedecms". ↗
- ·The vulnerability is unauthenticated (PR:N), meaning no credentials are required to exploit the directory traversal via the activepath parameter. ↗
- ·The traversal payload uses a mixed encoding/separator technique combining URL-encoded forward slash (%2f), Unix-style (../), and Windows-style (..\ ) path separators, which may evade simple pattern-matching defenses. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g733-c497-r4hx: A vulnerability was found in DedeCMS 5
ghsa_unreviewed·2023-04-14
CVE-2023-2059 [MEDIUM] CWE-28 GHSA-g733-c497-r4hx: A vulnerability was found in DedeCMS 5
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.
VulnCheck
dedecms dedecms Path Traversal: '..\filedir'
vulncheck·2023·CVSS 4.3
CVE-2023-2059 [MEDIUM] dedecms dedecms Path Traversal: '..\filedir'
dedecms dedecms Path Traversal: '..\filedir'
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.
Affected: dedecms dedecms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2023-2059
No detection rules found.
Nuclei
DedeCMS 5.7.87 - Directory Traversal
nuclei·CVSS 5.3
CVE-2023-2059 [MEDIUM] DedeCMS 5.7.87 - Directory Traversal
DedeCMS 5.7.87 - Directory Traversal
Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter.
Template:
id: CVE-2023-2059
info:
name: DedeCMS 5.7.87 - Directory Traversal
author: pussycat0x
severity: medium
description: |
Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter.
impact: |
Unauthenticated attackers can exploit directory traversal through the activepath parameter in select_templets.php to read sensitive DedeCMS configuration files and source code.
remediation: |
Update DedeCMS to a version newer than 5.7.87 that properly validates and sanitizes the activepath parameter in select_templets.php.
reference:
- https://github.com/ATZXC-RedTeam/cve/blob/main/dedecms.
Wiz
Crying Out Cloud - July Newsletter | Wiz
blogs_wiz·2023-08-01·CVSS 4.3
CVE-2023-2640 [MEDIUM] Crying Out Cloud - July Newsletter | Wiz
Welcome back! In this edition, we bring you the latest in cloud security – crucial vulnerabilities, exclusive data, and noteworthy incidents. Stay informed and stay secure. Let's delve in.
Here are our cloud security highlights for July!
## ✨ Highlights
## GameOver (lay): local privilege escalation vulnerabilities in Ubuntu Linux
Wiz Research discovered CVE-2023-2640 and CVE-2023-32629, two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu affecting 40% of Ubuntu cloud workloads.
CVE-2023-2640 and CVE-2023-32629 were found in the OverlayFS module in Ubuntu, which is a widely used Linux filesystem that became highly popular with the rise of containers as its features enable the deployment of dynamic filesystems based on pre-built images. Successful
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2023-04-14
Published
Exploited in the wild