VYPR
Critical severity9.8NVD Advisory· Published Apr 2, 2018· Updated Jun 17, 2026

CVE-2018-9175

CVE-2018-9175

Description

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.

Affected products

2
  • Dedecms/Dedecmsinferred2 versions
    =5.7.0+ 1 more
    • (no CPE)range: =5.7.0
    • (no CPE)range: =5.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.