Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/27 12:33 a.m.19 views

CVE-2025-5137

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...

9.8CVSS7.4AI score0.02275EPSS
Exploits2References1
Circl
Circl
added 2025/05/25 12:46 a.m.20 views

CVE-2018-9175

creationtimestamp| type| source ---|---|--- 2025-05-25 00:46:15+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17501 2025-05-25 00:57:40+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lpxhcqjiff2e 2025-05-25 00:57:46+00:00| seen|...

9.8CVSS6.8AI score0.02275EPSS
Exploits1References3
NVD
NVD
added 2025/05/25 12:15 a.m.18 views

CVE-2025-5137

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...

7.2CVSS0.00462EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/25 12:0 a.m.19 views

CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...

5.8CVSS0.00462EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/05/25 12:0 a.m.9 views

CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...

5.8CVSS5.2AI score0.00462EPSS
Exploits1References5
seebug.org
seebug.org
added 2018/04/03 12:0 a.m.69 views

Dedecms V5.7后台的两处getshell(CVE-2018-9175)

第一个是常见的思路,把语句写入inc文件,然后在其他的include语句中,包含了恶意代码进而getshell。 漏洞代码在:/dede/sysverifies.php 代码如下: else if $action == 'getfiles' if!isset$refiles ShowMsg"你没进行任何操作!","sysverifies.php"; exit; $cacheFiles = DEDEDATA.'/modifytmp.inc'; $fp = fopen$cacheFiles, 'w'; fwrite$fp, ''; fclose$fp; $dirinfos = ''; if$...

9.3AI score0.02275EPSS
Exploits1
OSV
OSV
added 2018/04/02 3:29 a.m.4 views

CVE-2018-9175

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...

9.8CVSS6.1AI score0.02275EPSS
Exploits1References1
CVE
CVE
added 2018/04/02 3:0 a.m.58 views

CVE-2018-9175

DedeCMS 5.7 contains a remote code execution vulnerability (CVE-2018-9175) via the egroup parameter to uploads/dede/stepselect_main.php. The attack leverages that code written into the database can be exposed to uploads/dede/sys_cache_up.php, enabling an attacker to inject PHP through database-ba...

9.8CVSS9.7AI score0.02275EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder