CVE-2024-57241
Published: 2025-02-11
Priority: P3 · 41 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EXPLOIT
EPSS: 1.11% (61.9th percentile)
Dedecms 5.71sp1 and earlier are vulnerable to URL redirection. Because of a logic error, the web application does not validate input from GET requests, which results in URL redirection.
No detection rules found.
Nuclei
DedeCMS - Open Redirect via download.php
nuclei·CVSS 6.5
CVE-2024-57241 [MEDIUM] DedeCMS - Open Redirect via download.php
Dedecms 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs. Exploitation requires sending crafted GET requests.
Template:
id: CVE-2024-57241

info:
  name: DedeCMS - Open Redirect via download.php
  author: 0x_Akoko
  severity: medium
  description: |
    Dedecms 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs, exploit requires sending crafted GET requests.
  impact: |
    Attackers can redirect users to malicious sites, potentially leading to phishing or malware distribution.
  remediation: |
    Update to the latest version of Dedecms or
No writeups or analysis indexed.