
Dedebiz

1 CVEs product


CVE-2025-14648 LOW POC Monitor

Command injection in DedeBIZ up to version 6.5.9 allows authenticated high-privilege administrators to execute arbitrary system commands via the /src/admin/catalog_add.php endpoint. The vulnerability requires high-privilege authentication (PR:H in CVSS v4.0) and has publicly available exploit code, but real-world risk is constrained by the authentication requirement and limited scope of impact (CVSS 2.0, EPSS 0.28%).

PHP Command Injection Dedebiz
NVD GitHub VulDB
CVSS 4.0: 2.0
EPSS: 0.3%
