Arbitrary PHP Code Execution in DedeCMS 5.7 SP2 via plus/search.php Component

CVE-2020-18917 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
