Soumettre #710164: DedeBIZ 6.5.9 Code Injectioninformation

TitreDedeBIZ 6.5.9 Code Injection
DescriptionSome backend modules of DedeBIZ (DedeCMS Commercial Edition) fail to perform security validation on file content when processing user input, allowing attackers with backend privileges to directly write arbitrary PHP code into server files. Attackers can use this feature to write files containing malicious PHP code, and then access those files to trigger code execution, thereby achieving remote code execution (RCE).
La source⚠️ https://github.com/HOrange147/CVE/blob/main/DedeBIZ%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.pdf
Utilisateur
 formanagain (UID 93347)
Soumission09/12/2025 11:01 (il y a 4 mois)
Modérer13/12/2025 10:09 (4 days later)
StatutAccepté
Entrée VulDB336381 [DedeBIZ jusqu’à 6.5.9 catalog_add.php élévation de privilèges]
Points19

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!