CVE-2025-5137 DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...

Dedecms V5.7后台的两处getshell(CVE-2018-9175)

第一个是常见的思路，把语句写入inc文件，然后在其他的include语句中，包含了恶意代码进而getshell。 漏洞代码在:/dede/sysverifies.php 代码如下： else if $action == 'getfiles' if!isset$refiles ShowMsg"你没进行任何操作！","sysverifies.php"; exit; $cacheFiles = DEDEDATA.'/modifytmp.inc'; $fp = fopen$cacheFiles, 'w'; fwrite$fp, ''; fclose$fp; $dirinfos = ''; if$...