The plus/search.php component in DedeCMS 5.7 SP2 allows remote malicious users to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dedecms dedecms 5.7 |