CVE-2019-6289

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
References
Link Resource
https://laolisafe.com/dedecms/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:*

Information

Published : 2019-01-15 07:29

Updated : 2021-07-21 11:39


NVD link : CVE-2019-6289

Mitre link : CVE-2019-6289

Products Affected
No products.