PT-2019-19268 · Dedecms · Dedecms

Published: 2019-02-19 · Updated: 2019-02-20 · CVE-2019-8933

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7SP2

Description: The issue allows attackers to upload a .php file to the uploads/ directory and then execute it. This can be achieved by visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php.

Recommendations: For DedeCMS version 5.7SP2, consider restricting access to the template management functionality and the uploads/ directory to prevent unauthorized file uploads and executions. As a temporary workaround, consider disabling the template upload feature until a patch is available.
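As an added example (not part of this advisory and not DedeCMS's own code), the following Python shows the two defensive checks the description and recommendations point at: a template filename validator that refuses both the "../" traversal and a change of extension to a server-side script, and a directory scan that flags script files under an uploads/ tree so a periodic integrity job or alert rule can catch them. The extension allowlist, the script-extension list and the sample directory contents are constructed for illustration.

```python
import os
import posixpath
import re
import tempfile

# Constructed allowlist: the only extensions a template editor may write.
ALLOWED_TEMPLATE_EXTENSIONS = {".htm", ".html", ".css", ".js"}

# Extensions a PHP-enabled web server would execute if they land under a
# web-accessible directory such as uploads/. Constructed list for the example.
SCRIPT_EXTENSIONS = {".php", ".php3", ".php5", ".phtml", ".phar"}

# Plain file names only: no leading dot, no slashes, no odd characters.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")


def validate_template_filename(filename: str) -> tuple[bool, str]:
    """Return (ok, reason) for a user-supplied template filename.

    Rejects empty names, absolute paths, any directory component (which is
    how "../index.php" escapes the template directory), characters outside a
    conservative set, any server-side script extension anywhere in the name,
    and any final extension outside the template allowlist.
    """
    if not filename:
        return False, "empty filename"
    # Treat backslashes like slashes so "..\\index.php" is handled the same way.
    candidate = filename.replace("\\", "/")
    if candidate.startswith("/") or candidate != posixpath.basename(candidate):
        return False, "path separators or traversal are not allowed"
    if not _SAFE_NAME.match(candidate):
        return False, "filename contains disallowed characters"
    # Inspect every extension component so "shell.php.html" is refused too.
    parts = candidate.lower().split(".")
    if any("." + p in SCRIPT_EXTENSIONS for p in parts[1:]):
        return False, "server-side script extension is not allowed"
    if "." + parts[-1] not in ALLOWED_TEMPLATE_EXTENSIONS:
        return False, "extension not in template allowlist"
    return True, "ok"


def find_script_files(root: str) -> list[str]:
    """Walk an upload directory and return relative paths of files carrying a
    server-side script extension in any position (e.g. shell.php.jpg).

    Such files should never exist under uploads/; a non-empty result is a
    signal for a detection rule or an integrity check.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parts = name.lower().split(".")
            if any("." + p in SCRIPT_EXTENSIONS for p in parts[1:]):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def demo() -> list[str]:
    """Build a constructed uploads/ tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "allimg"))
        # Constructed sample files: one benign image, two that should be flagged.
        for rel in ["allimg/logo.png", "index.php", "allimg/shell.php.jpg"]:
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample\n")
        return find_script_files(root)


if __name__ == "__main__":
    for name in ["index.html", "../index.html", "../index.php", "shell.php.html"]:
        print(f"{name!r}: {validate_template_filename(name)}")
    print("flagged under uploads/:", demo())
```

The validator belongs in the request handler that creates a template, in addition to any session check; the scanner is a second, independent layer that catches files placed by any other route. Neither replaces the recommendation above to keep the web server from executing scripts under uploads/ at all, which is the control that still holds when an upload check is bypassed.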

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-8933

Affected Products

Dedecms