CVE-2018-10375
CVE-2018-10375 affects DedeCMS v5.7 SP2. A vulnerability in /include/helpers/upload.helper.php allows an attacker to upload a crafted file through /dede/archives_do.php?dopost=uploadLitpic with Content-Type: image/jpeg; the filename ends in .php and contains PHP code, enabling arbitrary PHP code ...