CVE-2018-20129

CVE-2018-20129

An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value.

Source: CVE-2018-20129

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다