PT-2022-26791 · Dedecms · Dedecms

Published: 2022-11-17 · Updated: 2025-04-29 · CVE-2022-43192

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dedecms version 5.7.101

Description: The issue is related to an arbitrary file upload vulnerability in the /dede/file_manage_control.php component, allowing attackers to execute arbitrary code by uploading a crafted PHP file. This vulnerability is connected to an incomplete fix for a previous issue.

Recommendations: For Dedecms version 5.7.101, consider restricting access to the /dede/file_manage_control.php component until a proper fix is applied to prevent arbitrary file uploads. As a temporary workaround, disabling the execution of uploaded files or implementing strict upload validation can help mitigate the risk of code execution.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-43192

Affected Products

Dedecms