CVE-2020-18917: CSRF
First published: Tue Aug 24 2021(Updated: )
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms Dedecms | =5.7-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-18917?
CVE-2020-18917 is a vulnerability in the plus/search.php component of DedeCMS 5.7 SP2 that allows remote attackers to execute arbitrary PHP code.
How severe is CVE-2020-18917?
CVE-2020-18917 has a severity rating of 8.8 (high).
What software is affected by CVE-2020-18917?
DedeCMS 5.7 SP2 is affected by CVE-2020-18917.
How can the CVE-2020-18917 vulnerability be exploited?
CVE-2020-18917 can be exploited by sending malicious input through the typename parameter in the plus/search.php component of DedeCMS 5.7 SP2.
Is there a fix available for CVE-2020-18917?
At the time of writing, there is no known fix for CVE-2020-18917. It is recommended to follow the provided reference for any official updates or patches.
- collector/nvd-index
- vendor/dedecms
- canonical/dedecms dedecms
- version/dedecms dedecms/5.7-sp2