Earlier versions of DedeCMS has a variable overwrite vulnerability, and the vulnerability file is in
By exploiting this vulnerability, an attacker can submit variables to overwrite the global variables of the database connection configuration. As a result, the attacked website is reversely connected to the database specified by the attacker. The attacker can then read the specified content and write Webshells to the attacked website.
Malicious hackers can use tools opened on the Internet to directly upload Webshells and intrude the website.
Upgrade DedeCMS to the latest official version.