Arbitrary PHP Code Execution in DedeCMS 5.7 via sys_verifies.php

Arbitrary PHP Code Execution in DedeCMS 5.7 via sys_verifies.php

CVE-2018-9174 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.

Learn more about our Cms Pen Testing.