CVE-2024-34959

5.5 MEDIUM

📋 TL;DR

DedeCMS V5.7.113 contains a cross-site scripting (XSS) vulnerability in the administrative script sys_data_replace.php: values submitted to the page are written back into the HTML without adequate encoding, so an attacker can inject script that runs in the browser of whoever views the affected page. The victims are administrators (and any other users who see the compromised page), so the realistic outcome is session hijacking or credential theft. Reaching the vulnerable endpoint requires administrative access.

💻 Affected Systems

Products:
  • DedeCMS
Versions: V5.7.113
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to exploit the sys_data_replace.php endpoint.

📦 What is this software?

DedeCMS (织梦) is an open-source PHP content management system widely deployed on Chinese-language websites. Its administrative backend, including sys_data_replace.php, lives under the dede/ directory by default, which is why the paths below assume that directory name.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account compromise leading to complete website takeover, data theft, and further server exploitation.

🟠

Likely Case

Session hijacking of administrators, credential theft, defacement of administrative interfaces.

🟢

If Mitigated

Limited impact with proper input validation and output encoding in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative privileges but is straightforward once access is obtained. Because the injection point is an administrator-only page, the attacker either needs an admin session of their own or must induce a logged-in administrator to submit the crafted request; either way the payload runs in the context of that administrator's session.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V5.7.114 or later

Reference (public issue report): https://gitee.com/upgogo/s123/issues/I9MARO

Restart Required: No

Instructions:

1. Back up the current installation (files and database).
2. Download the latest version from official sources.
3. Replace the vulnerable files with the patched versions.
4. Verify functionality and re-check the reported version string.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Add output encoding to sys_data_replace.php so that every submitted value is HTML-entity encoded (htmlspecialchars with ENT_QUOTES) at the point where it is written back into the page; input validation (for example, an allowlist pattern for table and field names) is a useful second layer but does not replace encoding.

Keep in mind that a hand edit to a vendor file is overwritten by the next upgrade, so record the change and re-apply or drop it when moving to V5.7.114 or later.
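The pattern the workaround asks for, as an added PHP example that is not DedeCMS code: a form that reflects submitted search/replace parameters is shown first in its vulnerable shape and then with identifier validation and output encoding applied. The parameter names (tablename, rpstring, tostring) and the sample request are assumptions made for the demonstration.

```php
<?php
// Added illustrative example, not DedeCMS code. The parameter names
// (tablename, rpstring, tostring) are assumed for the demonstration.
declare(strict_types=1);

/** Encode a value for insertion into HTML text or a double-quoted attribute. */
function h(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Table and field names are never free text: accept only identifier characters. */
function safe_identifier(?string $value): string
{
    $value = (string) $value;
    return preg_match('/^[A-Za-z0-9_]{1,64}$/', $value) === 1 ? $value : '';
}

/** Vulnerable pattern: submitted values are written straight back into the page. */
function render_form_vulnerable(array $post): string
{
    $table    = $post['tablename'] ?? '';
    $rpstring = $post['rpstring'] ?? '';
    $tostring = $post['tostring'] ?? '';
    return "<input name=\"tablename\" value=\"{$table}\">\n"
         . "<input name=\"rpstring\" value=\"{$rpstring}\">\n"
         . "<input name=\"tostring\" value=\"{$tostring}\">\n";
}

/** Hardened pattern: validate identifiers, encode everything at output time. */
function render_form_hardened(array $post): string
{
    $table    = h(safe_identifier($post['tablename'] ?? null));
    $rpstring = h($post['rpstring'] ?? null);
    $tostring = h($post['tostring'] ?? null);
    return "<input name=\"tablename\" value=\"{$table}\">\n"
         . "<input name=\"rpstring\" value=\"{$rpstring}\">\n"
         . "<input name=\"tostring\" value=\"{$tostring}\">\n";
}

// Constructed sample request: attribute-breakout payloads of the kind this bug class accepts.
$samplePost = [
    'tablename' => 'dede_archives" onfocus="alert(1)',
    'rpstring'  => '"><script>alert(document.cookie)</script>',
    'tostring'  => "' onmouseover='alert(1)",
];

echo "--- vulnerable (payload lands in the markup) ---\n", render_form_vulnerable($samplePost);
echo "--- hardened (payload is inert text) ---\n", render_form_hardened($samplePost);
```

Run it with `php example.php`: in the vulnerable output the quotes close the attribute and the script element appears as live markup; in the hardened output the same bytes appear as `&quot;&gt;&lt;script&gt;` and the invalid table name collapses to an empty string. ENT_QUOTES matters because the third sample uses a single quote, which htmlspecialchars leaves alone by default.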

Access Restriction

Applies to: all

Restrict access to sys_data_replace.php (preferably the entire admin directory) to trusted IP addresses using .htaccess rules or equivalent web-server configuration.

This shrinks the set of people who can reach the page but does not stop an attacker who already holds an admin session from an allowed address, so it is a compensating control, not a fix.
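One way to write that restriction for Apache 2.4, as an added configuration example rather than anything shipped with DedeCMS. It assumes the stock admin directory name dede/ and uses documentation address ranges as placeholders for the trusted networks.

```apache
# Added example, not from the advisory. Place this in the admin directory's
# .htaccess (dede/ by default; adjust if it was renamed). Needs AllowOverride
# for the directory and mod_authz_core (Apache 2.4). IP ranges are placeholders.
<Files "sys_data_replace.php">
    Require ip 203.0.113.0/24 192.0.2.10
</Files>
```

Apache 2.2 uses the older `Order deny,allow` / `Deny from all` / `Allow from ...` form; on Nginx the equivalent is a `location = /dede/sys_data_replace.php` block with `allow` lines followed by `deny all;`. After applying it, request the page from a non-allowed address and confirm a 403 before relying on it.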

🧯 If You Can't Patch

  • Implement a Web Application Firewall (WAF) with XSS protection rules; make sure it decodes URL-encoded payloads before matching, and treat it as a stopgap rather than a fix
  • Disable or remove sys_data_replace.php if the search-and-replace tool is not needed; it is an administrator-only utility, so removing it does not affect public pages
  • Put the administrative directory behind a VPN or trusted-network restriction so the endpoint is not reachable from the internet at all

🔍 How to Verify

Check if Vulnerable:

The installation reports version V5.7.113 and sys_data_replace.php is present in the admin directory (dede/ by default). To confirm the behaviour, submit a harmless marker such as <b>test</b> to the page from an admin session and check whether it comes back HTML-encoded (&lt;b&gt;) or as rendered markup.

Check Version:

Check /data/admin/ver.txt or admin panel version display

Verify Fix Applied:

Verify the version is V5.7.114 or later, then confirm that test XSS payloads submitted to sys_data_replace.php are returned HTML-encoded rather than executed in the browser.

📡 Detection & Monitoring

Log Indicators:

  • Requests to sys_data_replace.php whose query string or body contains script tags or event-handler attributes (onerror=, onload=), including URL-encoded forms such as %3Cscript
  • Multiple failed login attempts followed by successful admin login

Network Indicators:

  • HTTP requests containing script injections to administrative endpoints
  • Unusual outbound connections from the server

SIEM Query:

source="web_server" AND uri="*/sys_data_replace.php*" AND (uri="*<script*" OR uri="*%3Cscript*" OR uri="*javascript:*" OR body="*<script*" OR body="*javascript:*")

The body field only exists where a WAF or reverse proxy logs request bodies; ordinary access logs record the query string but not POST data. Decode URL-encoded (and double-encoded) payloads before matching, and scope the uri match to the admin directory (dede/ by default) to reduce noise.
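The SIEM query above matches literal strings; the following PHP script, an added example and not part of the advisory, applies the same detection idea to combined-format access logs with URL decoding so that encoded and double-encoded payloads are caught. The log lines are constructed for the demonstration, the admin directory is assumed to be dede/, and, as noted above, only what the web server logs (the query string, not POST bodies) is visible to it.

```php
<?php
// Added example: scan access-log lines for script injection aimed at
// sys_data_replace.php. The sample lines below are constructed, not real traffic.
declare(strict_types=1);

// Markers that indicate script injection once the request is URL-decoded and lowercased.
const XSS_MARKERS = ['<script', 'javascript:', 'onerror=', 'onload=', 'onmouseover=', 'srcdoc='];

/** Parse one combined-format line into client, time, method, path, query and status. */
function parse_access_line(string $line): ?array
{
    // client - user [time] "METHOD /path?query HTTP/x" status bytes "referer" "ua"
    if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/', $line, $m)) {
        return null;
    }
    $url = parse_url($m[4]);
    return [
        'client' => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => $url['path'] ?? $m[4],
        'query'  => $url['query'] ?? '',
        'status' => (int) $m[5],
    ];
}

/** Return the first marker found in the decoded input, or null if none. */
function looks_like_xss(string $raw): ?string
{
    // Decode twice: attackers double-encode to slip past naive filters.
    $decoded = strtolower(rawurldecode(rawurldecode($raw)));
    foreach (XSS_MARKERS as $marker) {
        if (str_contains($decoded, $marker)) {
            return $marker;
        }
    }
    return null;
}

/** Scan log lines and report requests to sys_data_replace.php carrying a payload. */
function scan_access_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        $req = parse_access_line($line);
        if ($req === null || !str_ends_with($req['path'], '/sys_data_replace.php')) {
            continue;
        }
        $marker = looks_like_xss($req['query']);
        if ($marker !== null) {
            $hits[] = ['line' => $n + 1, 'client' => $req['client'], 'method' => $req['method'], 'marker' => $marker];
        }
    }
    return $hits;
}

// Constructed sample log lines (documentation IP ranges, not real traffic).
$sampleLog = [
    '198.51.100.7 - - [10/May/2024:10:01:02 +0000] "GET /dede/sys_data_replace.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/May/2024:10:01:09 +0000] "GET /dede/sys_data_replace.php?rpstring=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5310 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/May/2024:10:02:11 +0000] "GET /dede/sys_data_replace.php?rpstring=%2522%253E%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 5302 "-" "curl/8.0"',
    '203.0.113.5 - - [10/May/2024:10:03:00 +0000] "GET /plus/list.php?tid=1 HTTP/1.1" 200 9000 "-" "curl/8.0"',
];

foreach (scan_access_log($sampleLog) as $hit) {
    printf("line %d: %s %s matched '%s'\n", $hit['line'], $hit['client'], $hit['method'], $hit['marker']);
}
```

Run with `php scan.php` (PHP 8 or later for str_contains and str_ends_with). The plain page load on the first line and the unrelated request on the fourth are ignored; the second line is flagged on `<script` after one round of decoding and the third, which is double-encoded, on `onerror=` only because the decoder runs twice. Feed it real lines with `file('access.log', FILE_IGNORE_NEW_LINES)` in place of the constructed array.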
