CVE-2018-9134
Published: Mar 30, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://xz.aliyun.com/t/2234
x_refsource_MISC