A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 27 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Dedecms
Dedecms dedecms
CPEs cpe:2.3:a:dedecms:dedecms:5.7:-:*:*:*:*:*:*
Vendors & Products Dedecms
Dedecms dedecms

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-27T20:58:09.984Z

Reserved: 2024-03-22T10:37:21.560Z

Link: CVE-2024-2821

cve-icon Vulnrichment

Updated: 2024-08-01T19:25:42.132Z

cve-icon NVD

Status : Modified

Published: 2024-03-22T16:15:10.933

Modified: 2025-08-27T21:15:44.980

Link: CVE-2024-2821

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.