Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
No PoCs from references.
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/SexyBeast233/SecBooks
- https://github.com/hktalent/bug-bounty