Dedecms URL Redirection Vulnerability

Vulnerability

A URL redirection vulnerability exists in Dedecms versions through 5.71sp1. The issue is a logic error in the web application's source code: a value taken from a GET request is used as a redirect target without adequate validation, so the application can be made to redirect to an unintended URL.

Impact

Exploitation of this vulnerability can lead to open redirect scenarios, where users are sent to potentially malicious sites without their knowledge.

Reproduction

To reproduce this vulnerability, upload the provided proof-of-concept script (poc.py) to a server running an affected version of Dedecms. The script is pointed at a specific domain by editing the target.txt file, and once uploaded it can be executed to demonstrate the URL redirection flaw. Some websites apply verification mechanisms, in which case additional request headers such as User-Agent or Referer may need to be added to the script.

Remediation

Users are advised to update to Dedecms version 5.7.65 or later, where this vulnerability has been addressed.
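The logic error described above is the class of bug that a redirect-target validator prevents. The function below is an added illustration written for this page, not Dedecms code and not its 5.7.65 fix; it assumes a hypothetical ALLOWED_HOSTS allowlist and shows the shapes of input such a check must reject before a GET parameter is used as a redirect target.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the application may redirect to
# (constructed for this example; not a Dedecms setting).
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` keeps the user on an allowed host.

    Rejects absolute URLs to foreign hosts, scheme-relative ("//host")
    forms, backslash variants that browsers normalise to a slash,
    credentials-in-authority tricks ("host@other"), non-http(s)
    schemes, and control characters that browsers strip or that
    could break the Location header.
    """
    if not target or any(ord(c) < 0x20 for c in target):
        return False  # empty, or contains tab/newline/other control chars
    # Browsers treat "\" like "/" in the authority part; normalise first.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # e.g. javascript:, data:
    if parts.netloc:
        # urlsplit's hostname already discards userinfo and port, so
        # "www.example.com@evil.example" resolves to evil.example here.
        host = parts.hostname or ""
        return host.lower() in allowed_hosts
    # No scheme and no netloc: a relative path. Require exactly one
    # leading "/" so nothing that a browser could read as "//host" passes.
    return candidate.startswith("/") and not candidate.startswith("//")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return the Location value the server should actually emit."""
    return target if is_safe_redirect(target) else default
```

Any target that fails the check is replaced by a fixed in-site default rather than being echoed back, which is the behaviour a fix for this bug class should have.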

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          6.4
impact          0.8
exploitability  7.9
remediation     7.7
relevance       0.0
threat          6.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.