{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30643", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T18:14:10.109Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-01T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T16:11:49.947Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.dedecms.com/"}, {"url": "https://gist.github.com/0psPwn/10c43912adee9bfe2ff4fec947d4ee5a"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:12:40.239873Z", "id": "CVE-2026-30643", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:14:10.109Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30643", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:12:40.239873Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:11:03.749Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.dedecms.com/"}, {"url": "https://gist.github.com/0psPwn/10c43912adee9bfe2ff4fec947d4ee5a"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-01T16:11:49.947Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30643", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:14:10.109Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-01T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDD6243A-0F88-4E95-87BD-D3A72938D6BF", "versionEndIncluding": "5.7.118", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload."}], "id": "CVE-2026-30643", "lastModified": "2026-04-06T15:29:18.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-01T17:28:39.003", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/0psPwn/10c43912adee9bfe2ff4fec947d4ee5a"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.dedecms.com/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.7.118"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "dedecms", "vendor": "dedecms"}], "analysis": {"en": {"generated_at": "2026-04-06T17:54:36.270469+00:00", "value": {"mitigation_remediation": ["Upgrade DedeCMS to the latest patched release that removes the injection flaw", "If the module upload feature is not required, disable or restrict it to prevent exploitation", "Monitor web\u2011application logs for unusual upload activity or signs of code execution"], "summary": {"action": "Immediate Patch", "impact": "Remote code execution via injection in module upload setup tags"}, "threat_synthesis": {"affected_systems": "The issue impacts DedeCMS content\u2011management system version 5.7.118. Only installations running that exact version are confirmed vulnerable.", "description_and_impact": "An attacker can upload a module to DedeCMS and manipulate the setup tag values to inject and execute arbitrary code. The flaw, classified as a code injection (CWE\u201194), allows full control over the web application once the upload is processed, leading to compromise of confidentiality, integrity, and availability.", "risk_and_exploitability": "With a CVSS score of 9.8 the vulnerability is of critical severity. The EPSS score of less than 1% indicates that exploit activity is currently low and the flaw is not listed in the CISA KEV catalog. The likely attack vector is the web interface\u2019s module upload feature, where insecure handling of setup tags permits code injection. No public exploit code is known, but the nature of the flaw would allow a malicious actor to execute arbitrary commands once a malicious upload is successfully processed."}}}}, "created": "2026-04-02T07:51:16.473068+00:00", "updated": "2026-04-07T08:07:43.538840+00:00", "vendors": ["dedecms", "dedecms$PRODUCT$dedecms"]}