CVE-2024-33749

9.1 CRITICAL

📋 TL;DR

DedeCMS V5.7.114 contains an improper authorization vulnerability in mail_file_manage.php that allows attackers to delete any file on the server. This affects all DedeCMS installations running the vulnerable version. Attackers can exploit this to delete critical system files, configuration files, or website content.

💻 Affected Systems

Products:
  • DedeCMS
Versions: V5.7.114
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of DedeCMS V5.7.114 are vulnerable. The vulnerability exists in the mail_file_manage.php component.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, leading to service disruption, data loss, or enabling further attacks by removing security controls.

🟠

Likely Case

Website defacement or disruption by deleting web content files, configuration files, or database files, causing service downtime.

🟢

If Mitigated

Limited impact if proper file permissions and access controls are implemented, restricting deletion to non-critical directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access but is technically simple once access is obtained. The vulnerability is publicly documented with proof-of-concept details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for official patch from DedeCMS developers
2. If patch is released, download and apply according to vendor instructions
3. Verify the fix by testing the vulnerable functionality

🔧 Temporary Workarounds

Remove vulnerable file (Linux)

Delete or rename the vulnerable mail_file_manage.php file to prevent exploitation. Pick one of the two commands: once the file has been renamed, the original name no longer exists, so the rm would fail.

# Option A: rename (keeps a copy for later restoration).
# A .bak copy left inside the web root may be served to clients; prefer moving it outside the document root.
mv mail_file_manage.php mail_file_manage.php.bak
# Option B: delete outright.
rm mail_file_manage.php

Restrict file permissions (Linux)

Set strict file permissions on critical directories to prevent unauthorized deletion. Replace /path/to/dedecms with the actual installation directory.

# Deleting a file on Linux requires write access to the containing directory, not to the file itself,
# so these modes only help if the web-server user does not own the directories and is not their group writer.
chmod 755 /path/to/dedecms
chmod 644 /path/to/dedecms/*.php

🧯 If You Can't Patch

  • Implement strict access controls and authentication requirements for administrative functions
  • Deploy web application firewall (WAF) rules to block requests to mail_file_manage.php with delete parameters

🔍 How to Verify

Check if Vulnerable:

Check if DedeCMS version is 5.7.114 and if mail_file_manage.php exists in the installation directory

Check Version:

Check DedeCMS version in admin panel or examine version files in installation directory

Verify Fix Applied:

Test if file deletion functionality through mail_file_manage.php is properly restricted or if the file has been removed/renamed

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to mail_file_manage.php with delete parameters
  • File deletion events in system logs
  • Unauthorized access attempts to administrative functions

Network Indicators:

  • POST requests to mail_file_manage.php with file path parameters
  • Unusual file deletion patterns from web server

SIEM Query:

source="web_server" AND uri="*mail_file_manage.php*" AND (method="POST" OR parameters="*delete*" OR parameters="*file*=")
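
The same three rules as the SIEM query above, applied to web-server access logs, as an added example that is not part of the original advisory. The log lines are constructed, and the parameter names action and file are hypothetical, since the advisory does not name the real ones.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined access-log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_SCRIPT = "mail_file_manage.php"

def classify(line):
    """Return a reason string if the request looks like a delete attempt via
    mail_file_manage.php, or None for anything else (including unparseable lines)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not unquote(url.path).endswith("/" + VULN_SCRIPT):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # parse_qs percent-decodes for us
    # Rule 1: any POST to the script is a state-changing request to the vulnerable endpoint.
    if m.group("method") == "POST":
        return f"POST to {VULN_SCRIPT}"
    # Rule 2: a 'delete' token in any parameter name or value.
    for key, values in params.items():
        if "delete" in key.lower() or any("delete" in v.lower() for v in values):
            return f"delete parameter {key}={','.join(values)}"
    # Rule 3: a file-path parameter (name containing 'file').
    for key in params:
        if "file" in key.lower():
            return f"file parameter {key}"
    return None

def scan(lines):
    """Run classify over raw log lines; return (client, status, reason) per hit."""
    hits = []
    for line in lines:
        reason = classify(line)
        if reason:
            m = LOG_RE.match(line)
            hits.append((m.group("client"), m.group("status"), reason))
    return hits

# Constructed sample lines (not from a real incident); parameter names are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /dede/mail_file_manage.php?action=delete&file=test.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/May/2024:12:00:02 +0000] "POST /dede/mail_file_manage.php HTTP/1.1" 302 0',
    '198.51.100.9 - - [10/May/2024:12:00:03 +0000] "GET /dede/mail_file_manage.php HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/May/2024:12:00:04 +0000] "GET /dede/index.php?action=delete HTTP/1.1" 200 900',
    'garbage line that will not parse',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the first two sample lines are reported; a plain GET of the page, a request to another script, and an unparseable line are ignored.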
