DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dedecms dedecms 5.7 |