Critical severity9.8NVD Advisory· Published Apr 2, 2018· Updated Jun 17, 2026
CVE-2018-9174
CVE-2018-9174
Description
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
Affected products
1Patches
Vulnerability mechanics
References
1- xz.aliyun.com/t/2237nvdThird Party Advisory
News mentions
0No linked articles in our index yet.