CVE-2024-30855
HIGH
8,8
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 77 Days)
352
Cross-Site Request Forgery (CSRF)
StableCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Non-Repudiation
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Read Application Data
Modify Application Data
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
Web Based, Web Server
Application
Dedecms by Dedecms
CPE Identifier
View Detailed Analysis
cpe:2.3:a:dedecms:dedecms:5.7:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/Limingqian123/cms/blob/main/1.md
https://gist.github.com/Limingqian123/e90a1b86c02bd83d4ab07c08cad9a629
https://github.com/Limingqian123/cms/blob/main/1.md