| Title | Shanghai Zhuozhuo Network Technology Co. DedeCMS <=V5.7.118 Incomplete Identification of Uploaded File Variables |
|---|
| Description | There is a file upload vulnerability (module_upload.php) in the DedeCMS backend. Due to insecure file validation, an attacker can construct specially crafted upload data to upload a webshell file to the server, leading to an arbitrary code execution vulnerability. The uploaded malicious file can be accessed remotely by any user. |
|---|
| Source | ⚠️ https://gist.github.com/0psPwn/10c43912adee9bfe2ff4fec947d4ee5a |
|---|
| User | Lin0ps (UID 95491) |
|---|
| Submission | 03/18/2026 12:41 (23 days ago) |
|---|
| Moderation | 04/04/2026 08:54 (17 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 251704 [DedeCMS 5.7.112 module_upload.php unrestricted upload] |
|---|
| Points | 0 |
|---|