A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 27 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Dedecms
Dedecms dedecms
CPEs cpe:2.3:a:dedecms:dedecms:5.7:-:*:*:*:*:*:*
Vendors & Products Dedecms
Dedecms dedecms

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-27T20:58:33.386Z

Reserved: 2024-03-22T10:37:25.055Z

Link: CVE-2024-2822

cve-icon Vulnrichment

Updated: 2024-08-01T19:25:42.117Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-22T17:15:09.093

Modified: 2025-09-30T17:54:47.697

Link: CVE-2024-2822

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.