DedeCMS co_do.php 服务器端请求伪造 (CVE-2023-3578)

admin

0
文章

0
评论

2023-11-29 22:47:10 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

DedeCMS co_do.php 服务器端请求伪造 (CVE-2023-3578)

CVE编号

CVE-2023-3578

利用情况

暂无

补丁情况

N/A

披露时间

2023-07-11

漏洞描述

A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233371.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/nightcloudos/cve/blob/main/SSRF.md
https://vuldb.com/?ctiid.233371
https://vuldb.com/?id.233371

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	dedecms	dedecms	5.7.109	-
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	kernel	*		Up to (excluding) 4.19.91-27.5.al7
	运行在以下环境
	系统	amazon_2	kernel	*		Up to (excluding) 5.4.247-161.349.amzn2
	运行在以下环境
	系统	anolis_os_23	kernel	*		Up to (excluding) 5.10
	运行在以下环境
	系统	anolis_os_7	kernel	*		Up to (excluding) 3.10
	运行在以下环境
	系统	anolis_os_8	kernel	*		Up to (excluding) 4.18
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	kernel	*		Up to (excluding) 4.19.90-23.37.v2101.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	kernel	*		Up to (excluding) 4.19.90-23.37.v2101.ky10
	运行在以下环境
	系统	opensuse_5.3	kernel	*		Up to (excluding) 5.14.21-150400.24.69.1
	运行在以下环境
	系统	opensuse_Leap_15.4	dtb-al	*		Up to (excluding) 5.14.21-150400.24.69.1
	运行在以下环境
	系统	opensuse_Leap_15.5	kernel	*		Up to (excluding) 5.14.21-150500.55.7.1
	运行在以下环境
	系统	oracle_7	kernel	*		Up to (excluding) 3.10.0-1160.99.1.0.1.el7
	运行在以下环境
	系统	oracle_8	kernel	*		Up to (excluding) 4.18.0-477.27.0.1.el8_8
	运行在以下环境
	系统	oracle_9	kernel	*		Up to (excluding) 5.14.0-284.25.1.0.1.el9_2
	运行在以下环境
	系统	redhat_7	kernel	*		Up to (excluding) 3.10.0-1160.99.1.el7
	运行在以下环境
	系统	redhat_8	kpatch-patch	*		Up to (excluding) 4.18.0-477.27.1.el8_8
	运行在以下环境
	系统	redhat_9	kpatch-patch	*		Up to (excluding) 5.14.0-284.25.1.el9_2