CVE-2018-12045

Name of the Vulnerable Software and Affected Versions DedeCMS versions prior to V5.7SP2

Description The issue allows for arbitrary file upload. This can be achieved by sending a request to the /dede/file manage view.php?fmdo=upload endpoint with a malicious upfile1 parameter, enabling the upload of unauthorized files, such as .php files.

Recommendations For versions prior to V5.7SP2, consider disabling the file upload functionality in dede/file manage control.php until a patch is available. Restrict access to the dede/file manage view.php endpoint to minimize the risk of exploitation. Avoid using the upfile1 parameter in the affected endpoint until the issue is resolved.