8 matches found
CVE-2025-5137
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...
CVE-2018-9175
creationtimestamp| type| source ---|---|--- 2025-05-25 00:46:15+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17501 2025-05-25 00:57:40+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lpxhcqjiff2e 2025-05-25 00:57:46+00:00| seen|...
CVE-2025-5137
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...
CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...
CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...
Dedecms V5.7后台的两处getshell(CVE-2018-9175)
第一个是常见的思路,把语句写入inc文件,然后在其他的include语句中,包含了恶意代码进而getshell。 漏洞代码在:/dede/sysverifies.php 代码如下: else if $action == 'getfiles' if!isset$refiles ShowMsg"你没进行任何操作!","sysverifies.php"; exit; $cacheFiles = DEDEDATA.'/modifytmp.inc'; $fp = fopen$cacheFiles, 'w'; fwrite$fp, ''; fclose$fp; $dirinfos = ''; if$...
CVE-2018-9175
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...
CVE-2018-9175
DedeCMS 5.7 contains a remote code execution vulnerability (CVE-2018-9175) via the egroup parameter to uploads/dede/stepselect_main.php. The attack leverages that code written into the database can be exposed to uploads/dede/sys_cache_up.php, enabling an attacker to inject PHP through database-ba...