CVE-2018-9174

sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
References
Link Resource
https://xz.aliyun.com/t/2237 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:*

Information

Published : 2018-04-02 03:29

Updated : 2018-05-02 02:37


NVD link : CVE-2018-9174

Mitre link : CVE-2018-9174

Products Affected
No products.
CWE