Dedecms · Dedecms · CVE-2018-9134
**Name of the Vulnerable Software and Affected Versions**
DedeCMS version 5.7
**Description**
The issue is a CSRF vulnerability in `file_manage_control.php` (the "file manage control" script). Because the rename action accepts cross-site requests, the vulnerability can be exploited by renaming an arbitrary file under uploads/userup to a .php file under the web root, which allows PHP code execution. The `oldfilename` and `newfilename` parameters supply the source and destination names used in this rename.
**Recommendations**
For DedeCMS version 5.7, as a temporary workaround, consider restricting access to `file_manage_control.php` and to the fmdo=rename action to minimize the risk of exploitation. Avoid using the `oldfilename` and `newfilename` parameters of the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
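Until access to the rename action is restricted, a defender can at least spot attempts in the web server's access log. The following is an added example (not part of the advisory or of DedeCMS) that flags rename requests to `file_manage_control.php` whose `newfilename` would be executed as PHP and marks those that arrive with a foreign or missing Referer, the usual fingerprint of a CSRF-delivered request. The log lines are constructed, the trusted host name is an assumption, and only query-string parameters are visible (POST bodies are not logged).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2018:12:00:01 +0000] "GET /dede/file_manage_control.php?fmdo=rename&activepath=%2Fuploads%2Fuserup&oldfilename=avatar.jpg&newfilename=shell.php HTTP/1.1" 200 512 "http://lure.example/page.html" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2018:12:00:02 +0000] "GET /dede/file_manage_control.php?fmdo=rename&activepath=%2Fuploads%2Fuserup&oldfilename=a.txt&newfilename=b.txt HTTP/1.1" 200 512 "http://cms.example/dede/" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2018:12:00:03 +0000] "GET /dede/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# ".php" is the extension the advisory names; the other two are an assumption
# about common server configurations and should be tuned to yours.
PHP_EXTENSIONS = (".php", ".php5", ".phtml")

def find_rename_to_php(log_text, trusted_host):
    """Return one finding per rename request whose new name is executable."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/file_manage_control.php"):
            continue
        q = parse_qs(url.query)
        if q.get("fmdo", [""])[0] != "rename":
            continue
        newname = q.get("newfilename", [""])[0].lower()
        if not newname.endswith(PHP_EXTENSIONS):
            continue
        # A CSRF-delivered request carries a foreign Referer or none at all.
        ref_host = urlsplit(m["referer"]).hostname if m["referer"] != "-" else None
        findings.append({
            "ip": m["ip"], "time": m["ts"],
            "oldfilename": q.get("oldfilename", [""])[0],
            "newfilename": newname,
            "cross_site": ref_host != trusted_host,
        })
    return findings

if __name__ == "__main__":
    for finding in find_rename_to_php(SAMPLE_LOG, "cms.example"):
        print(finding)
```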