Desdev DedeCMS 'partcode' parameter cross-site request forgery vulnerability

Desdev DedeCMS Dream Weaving Content Management System Shanghai Zhuozhuo Network Technology Co., Ltd Desdev a set of open source content publishing, editing, management retrieval is equal to one of the PHP Web site content management system CMS. A cross-site request forgery vulnerability exists i...

CVE-2018-7700

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code...

CVE-2018-7700

DedeCMS 5.7 (including 5.7SP2) is vulnerable to CSRF that can lead to arbitrary code execution via the partcode parameter in tag_test_action.php (runphp field with PHP code). Exploitation appears in the wild (2025), and remediation is to apply security patches/update to a newer DedeCMS version. A...

CVE-2018-7700

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code...