Published: 27/03/2018 Updated: 19/04/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dedecms dedecms 5.7

Check Point Reference: CPAI-2018-2655 Date Published: 8 Feb 2024 Severity: High ...

仅用来记录审计过的PHP框架，具体的分析会部分的出现在博客中

复现清单 thinkphp 5024 反序列化链 5023 以下RCE 601 不安全的session 通达OA v115 以下任意用户登录 Thinkcmf 2x缓存Getshell PbootCMS v207 Getshell Drupal CVE-2018-7600 RCE Laravel 反序列化链(run函数入口) 反序列化链0day(奶权的，十分精彩) Dedecms 后台模板RCE(CVE-2018-7700) 实战慢慢的从输�

CWE-352 https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/https://nvd.nist.gov https://github.com/chriskaliX/PHP-code-audit https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2018-2655.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-7700

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect