CVE-2018-7700

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7

Description: The issue allows for arbitrary code execution due to a CSRF vulnerability. This is because the partcode parameter in a "tag test action.php" request can specify a runphp field in conjunction with PHP code.

Recommendations: For DedeCMS version 5.7, as a temporary workaround, consider disabling the runphp field in the "tag test action.php" request until a patch is available. Avoid using the partcode parameter in the affected request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.