CVE-2018-12045

CRITICAL

DedeCMS <V5.7SP2 - File Upload

Title source: llm

Description

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0056

EPSS Percentile 68.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

dedecms/dedecms 5.7 (3 CPE variants)

dedecms/dedecms < 5.7

Published Jun 08, 2018

Tracked Since Feb 18, 2026