CVE-2018-9175

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
References
Link Resource
https://xz.aliyun.com/t/2237 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:*

Information

Published : 2018-04-02 03:29

Updated : 2018-05-02 02:38


NVD link : CVE-2018-9175

Mitre link : CVE-2018-9175

Products Affected
No products.
CWE