The DedeCMS variable overwrite vulnerability may result in an injection vulnerability. The
/include/filter.inc.php file of DedeCMS is located after the system configuration file, in which the foreach statement cyclically creates variables to overwrite the system variables. Most files in the
/member directory contain this file. As a result, the system variables may be overwritten due to the vulnerability.
This vulnerability may cause leakage of the database and backend password.
Upgrade DedeCMS to the latest official version.