A vulnerability was found in DedeCMS 5.7.88 . It has been declared as critical . The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler . Executing a manipulation of the argument msg can lead to sql injection. This vulnerability is tracked as CVE-2026-10606 . The attack can be launched remotely. Moreover, an exploit is present.