إرسال #854989: 上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directoryالمعلومات

عنوان上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directory
الوصفDedeCMS V5.7.118 has a remote code execution vulnerability. Attackers can modify column names in the background management system to write malicious PHP code to the column cache file, leading to remote code execution. This vulnerability does not require file uploads or special configuration, only administrator privileges are needed to complete the attack.
المصدر⚠️ https://github.com/DunkBoyZz/cve/blob/cb7d6aa088d5ae4b603399af0a3279c18b084f11/DedeCMS%20V5.7.118%20Column%20Name%20Cache%20File%20Writing%20RCE%20Vulnerability.docx
المستخدم
 dunkboy (UID 98888)
ارسال10/06/2026 10:34 AM (1 شهر منذ)
الاعتدال12/07/2026 06:08 PM (1 month later)
الحالةمكرر
إدخال VulDB377878 [DedeCMS 5.7.118 Column Management /plus/search.php Column Name تجاوز الصلاحيات]
النقاط0

Do you want to use VulDB in your project?

Use the official API to access entries easily!