SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote malicious users to execute arbitrary SQL commands via the arcurl parameter.
dedecms dedecms 5.1