Vulnerability Details CVE-2018-20129
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.696
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References