Arbitrary PHP Code Execution in DedeCMS 5.7 via sys_verifies.php
CVE-2018-9174 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
Learn more about our Cms Pen Testing.