CSRF in DedeCMS /sys_task_add.php

Successful exploitation could allow an attacker to cause an authenticated victim's browser to submit unauthorized requests to /sys_task_add.php. Based on the provided CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), the resulting impact may include significant unauthorized changes and potentially severe effects on confidentiality, integrity, and availability, depending on what actions the vulnerable endpoint permits. Specific post-exploitation actions are not described in the available content.

Until a patch is applied, restrict access to the DedeCMS administrative interface and any exposure of /sys_task_add.php to trusted users and networks only. Require re-authentication or additional confirmation for sensitive actions handled by this endpoint where feasible. Deploy standard CSRF defenses at the application layer, including validated anti-CSRF tokens and SameSite cookie settings where compatible. User awareness can reduce risk, but user interaction is still sufficient for exploitation if an authenticated user is induced to visit attacker-controlled content.

Upgrade DedeCMS to a vendor-fixed version if one is available. The vulnerable functionality in /sys_task_add.php should be updated to enforce robust anti-CSRF protections, such as per-request or per-session unpredictable CSRF tokens validated server-side, combined with strict origin or referer validation where appropriate. Because the provided content does not include a vendor advisory or patch details, the specific fixed version is currently not available.