DedeCMS v5.7 Registered User Arbitrary File Deletion Vulnerability /member/inc/archives_check_edit.php

Others 2022-05-16 23:29:31 views: 0

Vulnerability Name: DedeCMS v5.7 Registered User Arbitrary File Deletion Vulnerability

  Danger level: ★★★★★ (high risk)

  Vulnerability file: /member/inc/archives_check_edit.php

  Disclosure time: 2017-03-20

  Vulnerability description: Registered members can use this vulnerability to arbitrarily delete website files.

  Repair method:

  Open /member/inc/archives_check_edit.php

  Find the code around line 92:

$litpic =$oldlitpic;

  change into:

$litpic =$oldlitpic; if (strpos( $litpic, '..') !== false || strpos( $litpic, $cfg_user_dir."/{$userid}/" ) === false) exit('not allowed path!');

  The modified part is marked in red:

  $litpic =$oldlitpic; if (strpos( $litpic, '..') !== false || strpos( $litpic, $cfg_user_dir."/{$userid}/" ) === false) exit('not allowed path!');

Guess you like

Origin http://10.200.1.11:23101/article/api/json?id=326584531&siteId=291194637
Recommended
Ranking
ACCESS Group leads the trend of health, scarce raw materials and leading technology help brands ride the wind and waves in the big health industry
500 threads operate int objects at the same time [java multi-thread shared variable]
アート テンプレート レンダリングの基本構文
Vue sends asynchronous request
Ubuntu vs code next update
Description of classes and objects
780. Reaching the End: Number Theory Reasoning and Analysis Questions
OpenCV (image processing) - based on python-filter (how to use low-pass and high-pass filters)
FFmpeg learning (4) - Embed subtitles to the video
The calc( ) property in CSS3
Daily
More
2024-07-26(0)
2024-07-25(0)
2024-07-24(0)
2024-07-23(0)
2024-07-22(0)
2024-07-21(0)
2024-07-20(0)
2024-07-19(0)
2024-07-18(0)
2024-07-17(0)

Code World

© 2018 codetd.com