| 제목 | DedeBIZ 6.5.9 Code Injection |
|---|
| 설명 | Some backend modules of DedeBIZ (DedeCMS Commercial Edition) fail to perform security validation on file content when processing user input, allowing attackers with backend privileges to directly write arbitrary PHP code into server files. Attackers can use this feature to write files containing malicious PHP code, and then access those files to trigger code execution, thereby achieving remote code execution (RCE). |
|---|
| 원천 | ⚠️ https://github.com/HOrange147/CVE/blob/main/DedeBIZ%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.pdf |
|---|
| 사용자 | formanagain (UID 93347) |
|---|
| 제출 | 2025. 12. 09. AM 11:01 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 13. AM 10:09 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336381 [DedeBIZ 까지 6.5.9 catalog_add.php 권한 상승] |
|---|
| 포인트들 | 19 |
|---|