VYPR
Unrated severity · NVD Advisory · Published Dec 13, 2018 · Updated Aug 5, 2024

CVE-2018-20129

Description

An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value.

Affected products

2
  • Dedecms/Dedecms (inferred), 2 versions
    • (no CPE) range: <= 5.7 SP2
    • (no CPE) range: = V5.7 SP2
