cnvd - cnvd-2024-44514

CNVD-2024-44514

Vulnerability from cnvd - Published: 2024-11-07

Title

DedeCMS命令注入漏洞

Description

DedeCMS（织梦内容管理系统）是一套基于PHP的开源内容管理系统（CMS）。该系统具有内容发布、内容管理、内容编辑和内容检索等功能。 DedeCMS存在命令注入漏洞，该漏洞源于article_string_mix.php文件未能正确过滤构造命令特殊字符、命令等。攻击者可利用该漏洞导致任意命令执行。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://vuldb.com/?id.278243

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-9076

Impacted products

Name
DedeCMS DeDeCMS <=5.7.115

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-9076",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-9076"
    }
  },
  "description": "DedeCMS\uff08\u7ec7\u68a6\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff09\u662f\u4e00\u5957\u57fa\u4e8ePHP\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\u8be5\u7cfb\u7edf\u5177\u6709\u5185\u5bb9\u53d1\u5e03\u3001\u5185\u5bb9\u7ba1\u7406\u3001\u5185\u5bb9\u7f16\u8f91\u548c\u5185\u5bb9\u68c0\u7d22\u7b49\u529f\u80fd\u3002\n\nDedeCMS\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8earticle_string_mix.php\u6587\u4ef6\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u547d\u4ee4\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://vuldb.com/?id.278243",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-44514",
  "openTime": "2024-11-07",
  "products": {
    "product": "DedeCMS DeDeCMS \u003c=5.7.115"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-9076",
  "serverity": "\u4e2d",
  "submitTime": "2024-09-24",
  "title": "DedeCMS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-9076 (GCVE-0-2024-9076)

Vulnerability from cvelistv5 – Published: 2024-09-22 00:00 – Updated: 2024-11-28 06:08

Summary

A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.7 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-78 - OS Command Injection
CWE-77 - Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.278243	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.278243	signaturepermissions-required
	https://vuldb.com/?submit.407461	third-party-advisory
	https://gitee.com/hjjjx/dede_cms/blob/master/arti…	broken-linkexploit

Impacted products

	Vendor	Product	Version
	n/a	DedeCMS	Affected: 5.7.115

Credits

Kuinyoe (VulDB User) jiashenghe (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dedecms",
            "vendor": "dedecms",
            "versions": [
              {
                "lessThanOrEqual": "5.7.115",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-23T14:51:31.680849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-23T14:56:49.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DedeCMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.7.115"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Kuinyoe (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "jiashenghe (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file /dede/article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in DedeCMS bis 5.7.115 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /dede/article_string_mix.php. Durch das Beeinflussen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-28T06:08:58.720Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-278243 | DedeCMS article_string_mix.php os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.278243"
        },
        {
          "name": "VDB-278243 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.278243"
        },
        {
          "name": "Submit #407461 | dedecms DedeCMS V5.7.115 rce",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.407461"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://gitee.com/hjjjx/dede_cms/blob/master/article_string_mix_rce.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-09-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-28T07:13:22.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "DedeCMS article_string_mix.php os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-9076",
    "datePublished": "2024-09-22T00:00:10.642Z",
    "dateReserved": "2024-09-21T08:02:12.789Z",
    "dateUpdated": "2024-11-28T06:08:58.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-44514

CVE-2024-9076 (GCVE-0-2024-9076)

Tags

Sightings

Nomenclature