Kuinyoe

**Name of the Vulnerable Software and Affected Versions** DedeCMS versions up to 5.7.115 **Description** A critical issue affects some unknown processing of the file article string mix.php, leading to os command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For DedeCMS versions up to 5.7.115, as a temporary workaround, consider restricting access to the file article string mix.php until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.