| tiêu đề | DeDecms DeDecms ≤ 5.7.112 Post-Auth File Upload |
|---|
| Mô tả | This vulnerability is present in the latest version of the Dedecms product, 5.7.112, and affects all previous versions. Exploitation of the vulnerability requires an administrator account. Once logged into the backend, an attacker can exploit the vulnerability in the backend administrator module of Dedecms. This vulnerability allows for malicious file uploads. Although Dedecms has implemented stringent threat function interception measures, this vulnerability can be exploited by utilizing a .htaccess file to circumvent these protective measures. As a result, it enables the execution of arbitrary PHP code without any restrictions. |
|---|
| Nguồn | ⚠️ https://hmxwjm7x03.feishu.cn/docx/FPjhdYcQvocR4gxy34Rc0pmon5e?from=from_copylink |
|---|
| Người dùng | Alphabug (UID 60726) |
|---|
| Đệ trình | 28/12/2023 11:23 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 05/01/2024 11:58 (8 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 249768 [DeDeCMS đến 5.7.112 Backend file_class.php nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|