What is GHSA-g8rg-9wq4-r9pr?

GHSA-g8rg-9wq4-r9pr is a security advisory published by GitHub Security Advisories with Medium severity. A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function...

Which CVE IDs does GHSA-g8rg-9wq4-r9pr cover?

GHSA-g8rg-9wq4-r9pr covers the following CVE IDs: CVE-2026-10607. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-g8rg-9wq4-r9pr?

GHSA-g8rg-9wq4-r9pr has a CVSS v3 base score of 7.3, published by GitHub Security Advisories.

GHSA-g8rg-9wq4-r9prMediumCVSS 7.3

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function...

Vendor

GitHub Security Advisories

Published

June 2, 2026

Last Modified

June 2, 2026

🔗 CVE IDs covered (1)

CVE-2026-10607 →

📋 Description

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dede_htmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-10607
https://vuldb.com/cve/CVE-2026-10607
https://vuldb.com/submit/829414
https://vuldb.com/vuln/367914
https://vuldb.com/vuln/367914/cti
https://github.com/advisories/GHSA-g8rg-9wq4-r9pr