CVE-2018-19061
CRITICAL
DedeCMS 5.7 SP2 - SQL Injection via co_do.php ids Parameter
Title source: llm
Description
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html
Exploit, Third Party Advisory x_refsource_misc
https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/
Scores
CVSS v3: 9.8
EPSS: 0.0034
EPSS Percentile: 56.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-89
Status: published
Products (1): dedecms/dedecms 5.7 sp2
Published: Nov 07, 2018
Tracked Since: Feb 18, 2026