Unrated severityNVD Advisory· Published Dec 13, 2018· Updated Aug 5, 2024
CVE-2018-20129
CVE-2018-20129
Description
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value.
Affected products
2Patches
Vulnerability mechanics
References
1- www.iwantacve.cn/index.php/archives/88/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.