CVE-2023-43234

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dedebiz:dedebiz:6.2.11:*:*:*:*:*:*:*

History

21 Nov 2024, 08:23

Type Values Removed Values Added
References () http://dedebiz.com - Product () http://dedebiz.com - Product
References () https://github.com/yux1azhengye - Not Applicable () https://github.com/yux1azhengye - Not Applicable
References () https://github.com/yux1azhengye/mycve/blob/main/DedeBIZ_v6.2.11_RCE.pdf - Broken Link () https://github.com/yux1azhengye/mycve/blob/main/DedeBIZ_v6.2.11_RCE.pdf - Broken Link
References () https://www.dedebiz.com - Product () https://www.dedebiz.com - Product

25 Sep 2024, 01:36

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-11-21 08:23


NVD link : CVE-2023-43234

Mitre link : CVE-2023-43234

CVE.ORG link : CVE-2023-43234


JSON object : View

Products Affected

dedebiz

  • dedebiz
CWE
NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')