CVE-2024-35510

CRITICAL

Dedecms - Unrestricted File Upload

Title source: rule

Description

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file.

References (1)

[Exploit, Third Party Advisory] https://github.com/QianGeG/CVE/issues/14

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 60.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-434

Status published

Affected Products (1)

dedecms/dedecms

Timeline

Published May 28, 2024

Tracked Since Feb 18, 2026