A file upload issue exists in DeDeCMS prior to 5.7-sp1, which allows malicious users getshell.
dedecms dedecms
dedecms dedecms 5.7