Arbitrary PHP Code Execution via File Upload in DedeCMS V57_UTF8_SP2

CVE-2019-6289 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.
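
The class of flaw described above, a rename check that compares extensions case-sensitively, shown next to a case-normalising allowlist. This is an added example, not DedeCMS source or code from the advisory; the function names and extension lists are hypothetical.

```php
<?php
// Added illustration only; not DedeCMS code. Names and lists are hypothetical.

// Case-sensitive blocklist: the kind of check a mixed-case extension slips past.
function rename_allowed_weak(string $newName): bool
{
    $blocked = ['php', 'php5', 'phtml'];
    $ext = pathinfo($newName, PATHINFO_EXTENSION);
    // Strict string comparison: "pHP" is not equal to "php", so it is not blocked.
    return !in_array($ext, $blocked, true);
}

// Hardened: reject path tricks, normalise case, and allow only known-safe
// extensions instead of trying to enumerate dangerous ones.
function rename_allowed_strict(string $newName): bool
{
    $allowed = ['zip', 'rar', 'gz', 'txt', 'pdf']; // constructed allowlist

    // No directory separators or NUL bytes in the target name.
    if (strpbrk($newName, "/\\\0") !== false) {
        return false;
    }

    $ext = strtolower(pathinfo($newName, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowed, true);
}

// Constructed sample names; 1.pHP is the filename cited in the advisory.
$samples = ['1.zip', '1.php', '1.pHP', 'notes.TXT', '../1.zip', 'noext'];

foreach ($samples as $name) {
    printf(
        "%-10s weak=%-5s strict=%s\n",
        $name,
        rename_allowed_weak($name) ? 'allow' : 'deny',
        rename_allowed_strict($name) ? 'allow' : 'deny'
    );
}
```

The same validation has to run on every path that can set or change a stored filename (upload and rename alike), since the advisory's sequence passes the upload check and only introduces the executable extension at the rename step.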
