CVE-2009-2270
dedecms 5.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Double Extension Bypass
Title source: llmDescription
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename.
References (1)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504653/100/0/threaded
Scores
EPSS: 0.0105
EPSS Percentile: 77.8%
Details
CWE: CWE-94
Status: published
Products (1): dedecms/dedecms 5.3
Published: Jul 01, 2009
Tracked Since: Feb 18, 2026