VYPR
Unrated severityNVD Advisory· Published Jan 15, 2019· Updated Aug 4, 2024

CVE-2019-6289

CVE-2019-6289

Description

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.