Vendor: Dedecms
By: zise
CVSS: 8.8 (HIGH)
CWE: Variable coverage
Product Name: Dedecms
Affected Version From: dedecms 5.7-sp1 and all old versions
Affected Version To:
Patch Exists: NO
Related CWE: CVE-2015-4553
CPE:
Platforms Tested:
2015
Dedecms variable coverage leads to getshell
This vulnerability allows remote attackers to execute arbitrary code and gain unauthorized access to the affected system. By manipulating the 'install_demo_name' parameter in the 'install/index.php' file, an attacker can overwrite the contents of the 'config_update.php' file, which is what leads to the remote code execution.
Mitigation:
Upgrade to the latest version of dedecms and apply any available patches.