Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Desdev DedeCMS 跨站请求伪造漏洞
Vulnerability Description
Desdev DedeCMS(织梦内容管理系统)是中国卓卓网络(Desdev)科技有限公司的一套开源的集内容发布、编辑、管理检索等于一体的PHP网站内容管理系统(CMS)。 Desdev DedeCMS 5.7版本中的file_manage_control.php文件的fmdo=rename操作存在跨站请求伪造漏洞,该漏洞源于程序没有正确的验证用户提交的输入。远程攻击者可借助‘oldfilename’和‘newfilename’参数可利用该漏洞执行PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A