6 matches found
CVE-2018-9175
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...
CVE-2018-9175
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...
Code injection
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...
CVE-2018-9175
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...
CVE-2018-9175
DedeCMS 5.7 contains a remote code execution vulnerability (CVE-2018-9175) via the egroup parameter to uploads/dede/stepselect_main.php. The attack leverages that code written into the database can be exposed to uploads/dede/sys_cache_up.php, enabling an attacker to inject PHP through database-ba...
DedeCMS Arbitrary PHP Code Execution Vulnerability
Weaving dream content management system DedeCms is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS 5.7 has an arbitrary PHP code execution vulnerability. The vulnerability arises because uploads/dede/syscacheup.php can acces...