PT-2018-18905 · Dedecms · Dedecms

Published: 2018-04-02 · Updated: 2018-05-02 · CVE-2018-9174

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DedeCMS version 5.7

Description

The issue allows remote attackers to execute arbitrary PHP code. This is possible because the contents of modifytmp.inc are under an attacker's control, specifically through the refiles array parameter in sys_verifies.php.

Recommendations

For DedeCMS version 5.7, consider restricting access to the sys_verifies.php file until a patch is available, and avoid using the refiles array parameter in this context to minimize the risk of exploitation.

Fix

RCE

Code Injection


Weakness Enumeration

Related identifiers

CVE-2018-9174

Affected products

Dedecms