uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote malicious users to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dedecms dedecms 5.7 |