Home > Vulnerability Database > CVE-2023-27733

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-27733

Date: April 16, 2023

DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php.

Language: PHP

Severity Score

7.2

Related Resources (4)

Url: https://sha999-crypto.github.io/2023/02/28/Dedecms%20background%20SQL%20injection%20vulnerability/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27733

Url: https://github.com/Ephemeral1y/Vulnerability/blob/master/DedeCMS/5.7.98/DedeCMS-v5.7.98-RCE.md

Url: https://www.mend.io/vulnerability-database/CVE-2023-27733

Severity Score

7.2

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us