CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-9174

sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://xz.aliyun.com/t/2237
https://xz.aliyun.com/t/2237

Products affected by CVE-2018-9174

Dedecms » Dedecms » Version: 5.7

cpe:2.3:a:dedecms:dedecms:5.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-9174

Products

Pricing

Contact Us