जमा करें #856135: 上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directoryजानकारी

शीर्षक上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directory
विवरणDedeCMS V5.7.118 backend album publishing functionality contains a ZIP path traversal vulnerability. The ExtractFile() function in include/zip.class.php directly uses $to.$header['filename'] as the target path (line 508) when extracting files, without performing any "../" path traversal checks on filenames in ZIP entries. An attacker can craft ZIP entries with ../../../../ prefixes to write malicious PHP files to the web root directory, achieving remote code execution. This vulnerability only requires administrator privileges and the album publishing feature, with no special configuration needed.
स्रोत⚠️ https://github.com/DunkBoyZz/dedecms/tree/379d9ec42cbe5d5b177578218070d69b6dada83f/2
उपयोगकर्ता
 dunkboy (UID 98888)
सबमिशन11/06/2026 04:40 PM (1 महीना पहले)
संयम14/07/2026 07:23 AM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि378247 [DedeCMS 5.7.118 Album Publishing Feature include/zip.class.php ExtractFile filename निर्देशिका ट्रैवर्सल]
अंक20

Interested in the pricing of exploits?

See the underground prices here!