CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27709
https://notcve.org/view.php?id=CVE-2023-27709
16 Mar 2023 — SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. • https://srpopty.github.io/2023/02/27/DedeCMS-V5.7.160-Backend-SQLi-story • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27707
https://notcve.org/view.php?id=CVE-2023-27707
16 Mar 2023 — SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. • https://srpopty.github.io/2023/02/27/DedeCMS-V5.7.160-Backend-SQLi-group • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •