CVE-2023-5268

MEDIUM

DedeBIZ 6.2 - SQL Injection via mktime Parameter in makehtml_taglist_action.php

Title source: llm
STIX 2.1

Description

A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability.

References (3)

Core 3
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.240881
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.240881
Exploit, Issue Tracking, Product exploit issue-tracking
https://github.com/yhy217/dedebiz--vul/issues/2

Scores

CVSS v3 6.3
EPSS 0.0050
EPSS Percentile 39.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
dedebiz/dedebiz 6.2
Published Sep 29, 2023
Tracked Since Feb 18, 2026