3 matches found
EUVD-2026-43279
A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...
CVE-2020-18917
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...
DedeCMS跨站请求伪造漏洞
DedeCMS Weaving Dream Content Management System is an open source content management system that is simple, robust, flexible, and open source. an arbitrary PHP code execution vulnerability exists in the plus/search.php component of DedeCMS 5.7 SP2. The vulnerability stems from the contents of...