4 matches found
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
Design/Logic Flaw
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
Input validation
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/albumedit.php or dede/albumadd.php, as demonstrated by a dede/albumedit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" because input validation only checks that .jpg, .png, or .gif is prese...