CVE-2026-10581

MEDIUM WAF: Medium

CVSS 6.3 Published: 2026-06-02

CWE-918

A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used.

WAF Coverage Analysis

Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection

References

vuldb.com
vuldb.com
vuldb.com
vuldb.com

Back to CVE Database