CVE-2023-2059: cve/dedecms.md at main · ATZXC-RedTeam/cve
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '…\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.
Directory traversal exists in DedeCMS v5.7.87
The vulnerable file is uploads/include/dialog/select_templets.php
The $activepath parameter is user-controllable, and the regular-expression filter applied to it can be bypassed.
The dir() function opens the directory, then the read() function loops through the contents of the directory.
Using … \ bypasses the filtering, resulting in directory traversal.
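
One way to validate a value such as $activepath before it reaches dir(), as an added example (not DedeCMS code and not part of the original advisory). The helper name resolve_active_path(), the character allow-list and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from DedeCMS.
// Resolves a user-supplied sub-directory against a fixed base directory.
// Returns the canonical path, or null when the input is rejected.
function resolve_active_path(string $baseDir, string $activePath): ?string
{
    // Refuse NUL bytes and other control characters outright.
    if (preg_match('/[\x00-\x1f]/', $activePath)) {
        return null;
    }
    // Treat "\" as a separator on every platform, so one rule covers
    // both Windows and Linux deployments.
    $normalized = str_replace('\\', '/', $activePath);

    // Validate segment by segment instead of pattern-matching the whole string.
    foreach (explode('/', $normalized) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue; // empty and "." segments do not change the directory
        }
        if (trim($segment, '.') === '') {
            return null; // segment made only of dots ("..", "...")
        }
        if (!preg_match('/^[A-Za-z0-9_.-]+$/', $segment)) {
            return null; // allow-list for directory names (assumption)
        }
    }

    $base = realpath($baseDir);
    $candidate = realpath($baseDir . '/' . $normalized);
    if ($base === false || $candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Containment check on canonical paths; this also catches symlinks
    // that point outside the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $base && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a throwaway template tree and constructed sample inputs.
$base = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
@mkdir($base . '/default/inc', 0700, true);
$samples = ['/default', 'default\\inc', '/default/..\\..', '..\\', '/default/...\\'];
foreach ($samples as $input) {
    $result = resolve_active_path($base, $input);
    printf("%-20s => %s\n", var_export($input, true), $result ?? 'rejected');
}
```

The segment check and the realpath() containment check are deliberately redundant: the first rejects dot segments regardless of separator style, and the second holds even if a segment rule is later loosened.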