
[Vulnerability notice] Injection vulnerability in DedeCMS

Last Updated: Apr 18, 2018

Vulnerability description

A variable overwrite vulnerability in DedeCMS may result in an injection vulnerability. DedeCMS includes the /include/filter.inc.php file after the system configuration file, and a foreach statement in that file creates variables in a loop, which overwrites the system variables that were already set. Most files in the /member directory include this file, so the system variables may be overwritten through them.

This vulnerability may cause leakage of the database and backend password.
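
The overwrite pattern described above next to a hardened form, as an added PHP example that is not DedeCMS code. The variable and function names are hypothetical, the input array is constructed, and the example assumes the loop's input is caller-supplied parameters.

```php
<?php
// Constructed illustration, not DedeCMS source. All names are hypothetical.

// Step 1: the "system configuration" runs first and sets global settings.
$cfg_dbprefix = 'app_';
$cfg_cookie_key = 'constructed-sample-secret';

// Weak pattern: every input key becomes a global variable, so a key that
// matches a setting name replaces the value the configuration just set.
function import_vars_unsafe(array $input): void
{
    foreach ($input as $key => $value) {
        $GLOBALS[$key] = $value;
    }
}

// Hardened pattern: input never enters the global scope. Only keys the page
// expects are copied, as strings, into a separate array.
function import_vars_safe(array $input, array $expected): array
{
    $clean = [];
    foreach ($expected as $key) {
        if (isset($input[$key]) && is_scalar($input[$key])) {
            $clean[$key] = (string) $input[$key];
        }
    }
    return $clean;
}

// Constructed sample input: one expected field, one key named like a setting.
$input = ['keyword' => 'news', 'cfg_dbprefix' => 'changed_'];

$before = $cfg_dbprefix;
$form = import_vars_safe($input, ['keyword']);
$safe_kept = ($cfg_dbprefix === $before);       // did the setting survive?
$safe_dropped = !array_key_exists('cfg_dbprefix', $form);

import_vars_unsafe($input);
$unsafe_changed = ($cfg_dbprefix !== $before);  // did input replace it?

var_dump($safe_kept, $safe_dropped, $unsafe_changed);
```

When auditing code of this kind, look for loops that assign to `$$name`, `${$name}` or `$GLOBALS[$name]` after configuration has been loaded.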

How to fix

Upgrade DedeCMS to the latest official version.
