CVE-2026-10608 | DedeCMS 5.7.88 /plus/carbuyaction.php RemoveXSS postname/des sql injection

SecurityVulns

A vulnerability categorized as critical has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection.

This vulnerability is cataloged as CVE-2026-10608. The attack may be launched remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More