DedeCMS 5.7 allows remote malicious users to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
dedecms dedecms 5.7 |
Vulmon