CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-15 11:48:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
9fdf63f72aaf69c2cfcdf003f210c221cc422aaa
CVEs-PoC/2018/CVE-2018-9134.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

719 B
Raw Blame History

CVE-2018-9134

Description

file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters.

POC

Reference

Github

No PoCs found on GitHub currently.

Reference in New Issue View Git Blame Copy Permalink