DedeCMS through V5.7SP2 allows arbitrary file upload in...
Critical severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Jun 8, 2018
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Feb 2, 2023
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
References