Share:

CVE-2020-18917 - Dedecms Dedecms

August 24, 2021

Critical 8.8

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.

Affected software

Dedecms Dedecms

Reference links

http://tusk1.cn/2019/05/12/DeDecms-v5-7-sp2-CRSF-%E6%96%87%E4%BB%B6%E6%93%8D%E4%BD%9C-%E5%89%8D%E5%8F%B0getshell/

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.