CVE-2023-52047

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Dedecms v5.7.112 allows attackers to trick authenticated administrators into performing unauthorized actions via the file manager. Attackers can upload malicious files, modify content, or delete files without the admin's knowledge. Only Dedecms installations with the vulnerable version are affected.

💻 Affected Systems

Products:
  • Dedecms
Versions: v5.7.112
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin session to exploit. All installations using the vulnerable version are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete website compromise through malicious file upload leading to remote code execution, data theft, or defacement.

🟠 Likely Case: Unauthorized file uploads leading to defacement, malware distribution, or limited data manipulation.

🟢 If Mitigated: No impact if proper CSRF protections are implemented and users follow security best practices.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an authenticated admin into clicking a malicious link. A proof-of-concept is available in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.7.113 or later

Vendor Advisory: https://github.com/dedecms/DedeCMS/releases

Restart Required: No

Instructions:

1. Back up your current installation.
2. Download the latest version from the official Dedecms repository.
3. Replace vulnerable files with patched versions.
4. Verify functionality.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

  • Add CSRF protection tokens to file manager forms
  • Modify PHP files to include CSRF token validation

Restrict Admin Access (applies to: all)

  • Limit admin panel access to trusted IP addresses only
  • Add IP whitelisting to .htaccess or web server config

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and Content Security Policy headers
  • Require re-authentication for sensitive file operations and monitor admin activity logs

🔍 How to Verify

Check if Vulnerable:

Check Dedecms version in admin panel or by examining version files in installation directory

Check Version:

Check /data/admin/ver.txt or admin panel version display

Verify Fix Applied:

Verify version is v5.7.113 or later and test CSRF protection on file upload forms

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file uploads from admin sessions
  • Multiple failed CSRF token validations
  • Admin actions from unusual IP addresses

Network Indicators:

  • POST requests to file manager without proper referrer headers
  • Unusual file upload patterns

SIEM Query:

source="web_logs" AND (uri="/dede/file_manage.php" OR uri="/dede/upload.php") AND (referrer NOT CONTAINS expected_domain OR csrf_token="")
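As an added example (not from this page or the Dedecms project), the Python script below applies the referrer and empty-token checks from the SIEM sketch above to constructed web log lines. It assumes the server logs the Referer header and the POST body, that the form field is named csrf_token (a placeholder, not Dedecms's real field name), and it goes one step beyond the query by comparing the Referer hostname exactly rather than by substring.

```python
import re
from urllib.parse import parse_qs, urlparse

# Combined-log-style lines with the Referer and the logged POST body appended.
# Constructed sample data, not real traffic; the field name "csrf_token" is an
# assumption taken from the SIEM sketch, not Dedecms's actual form field.
SAMPLE_LOGS = """\
203.0.113.5 - admin [10/Jan/2024:10:00:01 +0000] "POST /dede/file_manage.php HTTP/1.1" 200 512 "https://cms.example.com/dede/file_manage_main.php" "csrf_token=a1b2c3&activepath=/uploads"
198.51.100.7 - admin [10/Jan/2024:10:02:44 +0000] "POST /dede/file_manage.php HTTP/1.1" 200 512 "http://cms.example.com.attacker.example/page.html" "csrf_token=&activepath=/uploads"
198.51.100.7 - admin [10/Jan/2024:10:03:10 +0000] "POST /dede/upload.php HTTP/1.1" 200 300 "-" "csrf_token=&filename=x.php"
203.0.113.5 - admin [10/Jan/2024:10:05:00 +0000] "GET /dede/index.php HTTP/1.1" 200 1024 "https://cms.example.com/dede/" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d+) \d+ '
    r'"(?P<referer>[^"]*)" "(?P<body>[^"]*)"$'
)

# The two file-manager endpoints named in the SIEM query.
WATCHED_PATHS = {"/dede/file_manage.php", "/dede/upload.php"}


def check_line(line, expected_host):
    """Return (ip, uri, reasons) for a suspicious file-manager POST, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if urlparse(m["uri"]).path not in WATCHED_PATHS:
        return None
    reasons = []
    # Compare the Referer hostname exactly instead of a substring match, so a
    # referer such as "cms.example.com.attacker.example" is not accepted.
    ref_host = urlparse(m["referer"]).hostname if m["referer"] != "-" else None
    if ref_host != expected_host:
        reasons.append("referer missing or off-origin")
    token = parse_qs(m["body"], keep_blank_values=True).get("csrf_token", [""])[0]
    if not token:
        reasons.append("empty csrf_token")
    return (m["ip"], m["uri"], reasons) if reasons else None


def find_suspicious(log_text, expected_host="cms.example.com"):
    """Scan a block of log lines and return every suspicious file-manager POST."""
    return [h for h in (check_line(l, expected_host) for l in log_text.splitlines()) if h]


if __name__ == "__main__":
    for ip, uri, reasons in find_suspicious(SAMPLE_LOGS):
        print(f"{ip} {uri}: {', '.join(reasons)}")
```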
