DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
References
Link | Resource |
---|---|
https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-06-07 18:29
Updated : 2018-07-27 06:51
NVD link : CVE-2018-12046
Mitre link : CVE-2018-12046
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
dedecms
- dedecms