提交 #854989: 上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directory信息

标题上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directory
描述DedeCMS V5.7.118 has a remote code execution vulnerability. Attackers can modify column names in the background management system to write malicious PHP code to the column cache file, leading to remote code execution. This vulnerability does not require file uploads or special configuration, only administrator privileges are needed to complete the attack.
来源⚠️ https://github.com/DunkBoyZz/cve/blob/cb7d6aa088d5ae4b603399af0a3279c18b084f11/DedeCMS%20V5.7.118%20Column%20Name%20Cache%20File%20Writing%20RCE%20Vulnerability.docx
用户
 dunkboy (UID 98888)
提交2026-06-10 10時34分 (1 月前)
管理2026-07-12 18時08分 (1 month later)
状态重复
VulDB条目377878 [DedeCMS 5.7.118 Column Management /plus/search.php Column Name 权限提升]
积分0

Do you know our Splunk app?

Download it now for free!