
[Vulnerability notice] Variable overwrite vulnerability in DedeCMS

Last Updated: Apr 18, 2018

Vulnerability description

Earlier versions of DedeCMS have a variable overwrite vulnerability. The vulnerable file is plus\myta_js.php.

By exploiting this vulnerability, an attacker can submit variables that overwrite the global variables holding the database connection configuration. As a result, the attacked website connects to a database specified by the attacker. The attacker can then read the specified content and write Webshells to the attacked website.

Malicious hackers can use tools publicly available on the Internet to directly upload Webshells and compromise the website.
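
The overwrite described above, shown as a generic PHP pattern next to a hardened form. This is an added example, not DedeCMS code and not part of the original notice; the setting names, the `aid` parameter and both functions are hypothetical.

```php
<?php
// Added illustration of the variable-overwrite pattern; all names are hypothetical.

// Database settings held as globals, as in many older PHP applications.
$db_host = 'db.internal.example';
$db_user = 'cms';

// Vulnerable: every request parameter is copied into the global scope,
// so a parameter that shares a name with a setting replaces that setting.
function import_request_unsafe(array $params): void
{
    foreach ($params as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Hardened: only parameters the script expects are read, each is validated,
// and the result is returned instead of being written to globals.
function import_request_safe(array $params, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $name => $pattern) {
        $value = $params[$name] ?? null;
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $clean[$name] = $value;
        }
    }
    return $clean;
}

// Constructed request: one expected parameter, one that collides with a setting.
$request = ['aid' => '7', 'db_host' => 'untrusted.example'];

// Safe import: the colliding parameter is ignored and the setting is unchanged.
$input = import_request_safe($request, ['aid' => '/^\d{1,10}$/']);
printf("safe:   db_host=%s aid=%s\n", $db_host, $input['aid']);

// Unsafe import: the same request replaces the database host setting.
import_request_unsafe($request);
printf("unsafe: db_host=%s\n", $db_host);
```

The hardened function never touches global scope, so no request parameter can change where the application connects regardless of its name.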

How to fix

Upgrade DedeCMS to the latest official version.
