| शीर्षक | dedecms V5.7.118 Command Injection |
|---|
| विवरण |
Remote Code Execution via RunPHP Tag Attribute: A critical vulnerability exists in the DedeCMS template tag parsing system that allows authenticated administrators to execute arbitrary PHP code through the `runphp` tag attribute. This vulnerability bypasses content filtering mechanisms using PHP callback functions.
The DedeCMS template system supports a `runphp='yes'` attribute that enables PHP code execution within template tags. Although content filtering is implemented to prevent dangerous function calls, the filter can be bypassed using PHP's usort() callback mechanism, allowing attackers to execute arbitrary system commands.
Vulnerability Functionality:
- Direct Code Execution: Uses eval() to execute PHP code within template tags
- Content Filter Bypass: PHP callback functions circumvent variable function detection
- String Concatenation: Bypasses keyword blacklist by splitting dangerous function names
- One-Step Exploitation: No file upload required, direct command execution through tag testing |
|---|
| स्रोत | ⚠️ https://note-hxlab.wetolink.com/share/4D2GTz4wWGpV |
|---|
| उपयोगकर्ता | yu22x (UID 34832) |
|---|
| सबमिशन | 17/12/2025 05:14 AM (4 महीनों पहले) |
|---|
| संयम | 21/12/2025 01:36 PM (4 days later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 313331 [DedeCMS तक 5.7.2 Template dedetag.class.php notes अधिकार वृद्धि] |
|---|
| अंक | 0 |
|---|