216.73.216.204

CVE-2025-15004

· Published 22/12/2025 01:16 · Modified 23/12/2025 14:51

Labels: CVE-2025-15004 2025-12-22CVE-2025-15004[email protected]

Essential information

Published
22/12/2025 01:16
Modified
23/12/2025 14:51
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

NVD status

Status
Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

References