CVE-2018-10375

Name of the Vulnerable Software and Affected Versions: DedeCMS version V5.7 SP2

Description: A file uploading issue exists, allowing attackers to upload and execute arbitrary PHP code. This can be achieved via the /dede/archives do.php?dopost=uploadLitpic endpoint, specifically through the litpic parameter, when the "Content-Type: image/jpeg" header is sent with a filename ending in .php that contains PHP code.

Recommendations: For DedeCMS version V5.7 SP2, consider restricting access to the /dede/archives do.php endpoint or disabling the file upload functionality until a fix is available. Additionally, as a temporary workaround, restrict the litpic parameter to prevent uploading files with PHP code.