CVE-2020-18917

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...

DedeCMS跨站请求伪造漏洞

DedeCMS Weaving Dream Content Management System is an open source content management system that is simple, robust, flexible, and open source. an arbitrary PHP code execution vulnerability exists in the plus/search.php component of DedeCMS 5.7 SP2. The vulnerability stems from the contents of...