PT-2024-22953 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code by sending a crafted payload to the "stepselect main.php" component. Recommendations: For DedeCMS version 5.7, at the moment, ther...

Code injection

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselectmain.php because code within the database is accessible to uploads/dede/syscacheup.php...