DedeCMS 5.5 has a variable overwrite vulnerability. The vulnerability is in the include\dialog\select_soft_post.php file, in which the variable $cfg_basedir is not correctly initialized. An attacker can bypass authentication and the system variable initialization, and then upload any file to a specified directory.
The prerequisite for exploiting this vulnerability is register_globals=on, which allows values to be assigned to the related variables through a custom form.
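The register_globals prerequisite can be checked from configuration. The following is an added example, not part of the original advisory or of DedeCMS: it works out the effective register_globals value from php.ini text plus Apache php_flag/php_value overrides. The function name, layer names and sample configuration are assumptions constructed for illustration.

```python
import re

# Strings PHP accepts as "true" for a boolean ini directive.
TRUTHY = {"1", "on", "yes", "true"}

# php.ini form:      register_globals = On   ; comment
INI_RE = re.compile(r"^\s*register_globals\s*=\s*([^;]*)", re.I)
# Apache/.htaccess:  php_flag register_globals on
APACHE_RE = re.compile(
    r"^\s*php_(admin_)?(?:flag|value)\s+register_globals\s+(\S+)", re.I)


def effective_register_globals(layers, default=False):
    """layers: ordered (name, text) pairs, lowest precedence first.
    Returns (enabled, name of the layer that decided it, or None)."""
    enabled, source, locked = default, None, False
    for name, text in layers:
        for line in text.splitlines():
            ini, apache = INI_RE.match(line), APACHE_RE.match(line)
            if ini:
                raw, admin = ini.group(1), False
            elif apache:
                raw, admin = apache.group(2), bool(apache.group(1))
            else:
                continue  # unrelated or commented-out line
            if locked and not admin:
                continue  # php_admin_* settings cannot be overridden
            enabled = raw.strip().strip("\"'").lower() in TRUTHY
            source, locked = name, locked or admin
    return enabled, source


# Constructed sample configuration, not taken from any real host.
SAMPLE_INI = """
; register_globals = On
register_globals = Off   ; default
"""
SAMPLE_HTACCESS = """
# legacy setting kept for an old plugin
php_flag register_globals on
"""

if __name__ == "__main__":
    layers = [("php.ini", SAMPLE_INI), (".htaccess", SAMPLE_HTACCESS)]
    enabled, source = effective_register_globals(layers)
    if enabled:
        print(f"register_globals is ON (set in {source}): "
              "request parameters can seed uninitialized variables")
    else:
        print("register_globals is off")
```

In the sample, php.ini turns the setting off but the .htaccess override turns it back on, so checking php.ini alone would miss the exposure.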
Attackers can use publicly available tools to exploit this vulnerability, directly upload webshells, and compromise websites.
Upgrade DedeCMS to the latest official version.