PT-2018-18906 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the egroup parameter to the "/uploads/dede/stepselect main.php" API endpoint, as code within the database is accessible to...