A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LDedecms
APPDedecms5.7.87
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
Related vulnerabilities
CVE-2026-30643CRITICAL9.8PL ✓ten sam produkt
DedeCMS 5.7.118 — zdalne wykonanie kodu przez upload modułu (RCE)
CVE-2026-30694CRITICAL9.8PL ✓ten sam produkt
RCE w DedeCMS poprzez komponent array_filter
CVE-2024-35510CRITICAL9.8PL ✓ten sam produkt
DedeCMS – arbitrary file upload umożliwiający RCE
CVE-2024-35375CRITICAL9.8PL ✓ten sam produkt
DedeCMS 5.7.114 — arbitrary file upload w panelu administracyjnym
CVE-2024-33749CRITICAL9.1PL ✓ten sam produkt
DedeCMS – nieautoryzowane usunięcie dowolnego pliku przez mail_file_manage.php