| 标题 | Shanghai Zhuozhuo Network Technology Co., LTD dedeCMS <=5.7.2 Command Injection |
|---|
| 描述 | Vulnerability Summary: Template Injection Command Execution in dedeCMS 5.7 SP2
Overview
A critical template injection vulnerability exists in dedeCMS version 5.7 SP2 and earlier, allowing authenticated attackers to execute arbitrary system commands.
Affected Software
Vendor: Shanghai Zhuozhuo Network Technology Co., LTD
Software: dedeCMS
Affected Version: ≤ 5.7.2
Vulnerability Details
Type: Template Injection leading to Remote Code Execution
Location: /include/dedetag.class.php
Access Requirement: Requires authentication with admin privileges (default credentials: admin/admin)
Exploitation
The vulnerability can be exploited by accessing the /dede/co_get_corule.php interface with malicious input in the notes parameter:
/dede/co_get_corule.php?notes={dede:");system('calc');///}&job=1
The payload needs to be accessed twice for successful command execution
The example demonstrates execution of the calc command (calculator), but could be replaced with any system command
Impact
Successful exploitation allows attackers to:
Execute arbitrary system commands on the server
Potentially gain complete control of the affected system
Perform various malicious activities depending on server permissions
Verification
The vulnerability can be verified by observing successful execution of the injected command (in the PoC case, launching the calculator application).
Recommendation
Users should immediately update to a patched version of dedeCMS or apply appropriate security measures to restrict access to vulnerable components. |
|---|
| 来源 | ⚠️ https://github.com/jujubooom/CVE/issues/1 |
|---|
| 用户 | Ewoji (UID 86574) |
|---|
| 提交 | 2025-06-13 15時42分 (10 月前) |
|---|
| 管理 | 2025-06-19 12時18分 (6 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 313331 [DedeCMS 直到 5.7.2 Template dedetag.class.php notes 权限提升] |
|---|
| 积分 | 20 |
|---|