CVE-2009-2270

Name of the Vulnerable Software and Affected Versions dedecms version 5.3

Description The issue allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename. This can be achieved by uploading a file with a name such as .jpg.php and then accessing it via unspecified vectors.

Recommendations For dedecms version 5.3, consider restricting file uploads to only allow specific, safe file extensions to prevent the execution of arbitrary code. As a temporary workaround, restrict access to the member/uploads edit.php file until a patch is available.