CVE-2018-9174

2018-04-01T23:29:00
ID CVE-2018-9174
Type cve
Reporter NVD
Modified 2018-05-02T10:37:50

Description

sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.