CVE-2018-20129

An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value.
References
Link Resource
http://www.iwantacve.cn/index.php/archives/88/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:*

Information

Published : 2018-12-13 00:29

Updated : 2019-02-05 13:23


NVD link : CVE-2018-20129

Mitre link : CVE-2018-20129


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

dedecms

  • dedecms