HOrange147

1 exploit Active since Dec 2025
CVE-2025-14648 WRITEUP MEDIUM WRITEUP
dedebiz < 6.5.9 - Remote Command Injection via /src/admin/catalog_add.php
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.7