CVE Details
Basic Information
| Title | DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection |
|---|---|
| Type | cve |
| Published | 2025-05-25T00:00:10.371Z |
| Last Seen | |
Product Information
| Vendor | n/a |
|---|---|
| Product | DedeCMS |
| Version | 5.7.117 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in DedeCMS 5.7.117 allows remote attackers to execute arbitrary code due to an incomplete fix for CVE-2018-9175. The vulnerability is in the `sys_verifies.php` file and can be exploited by manipulating the `refiles` argument, leading to code injection. |
|---|---|
| AI Severity | Critical |
| Vendor | DedeCMS |
| Product | DedeCMS |
| Affected Version | 5.7.117 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-94, CWE-74 |
| Bulletin Family | |
| Source Data | n/a DedeCMS 5.7.117 |
Source Information
| Source Data | n/a DedeCMS 5.7.117 |
|---|---|
| Source Link | |
Description
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. It affects an unknown function of the file `dede/sys_verifies.php?action=getfiles` and results from an incomplete fix for CVE-2018-9175. Manipulating the `refiles` argument leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 5.1 (MEDIUM)