Design/Logic Flaw

2018-06-0801:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

44.3%

JSON

DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.

CPENameOperatorVersion
dedecmseq5.7
dedecmseq5.7 sp2
dedecmseq5.7 sp1
dedecmslt5.7

Name	Operator	Version
dedecms	eq	5.7
dedecms	eq	5.7 sp2
dedecms	eq	5.7 sp1
dedecms	lt	5.7

References

github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for PRION:CVE-2018-12046