Vulnerability Name: DedeCMS v5.7 Registered User Arbitrary File Deletion Vulnerability
Danger level: ★★★★★ (high risk)
Vulnerability file: /member/inc/archives_check_edit.php
Disclosure date: 2017-03-20
Vulnerability description: Registered members can use this vulnerability to arbitrarily delete website files.
Repair method:
Open /member/inc/archives_check_edit.php
Find the code around line 92:
$litpic = $oldlitpic;
Change it to:
$litpic = $oldlitpic;
if (strpos($litpic, '..') !== false || strpos($litpic, $cfg_user_dir."/{$userid}/") === false) {
    exit('not allowed path!');
}
The added part is the if (...) exit('not allowed path!'); check that follows the assignment: it rejects any path containing ".." and any path that does not lie under the current member's own upload directory ($cfg_user_dir."/{$userid}/").
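The check from the repair above, factored into a function and run against constructed sample paths, as an added example that is not DedeCMS code. $cfgUserDir and $userId stand in for DedeCMS's $cfg_user_dir and $userid, and the directory name is a placeholder; the function anchors the user directory at the start of the path, which is stricter than the substring test in the patch, so the last sample shows a path the patch's strpos test would accept but the anchored form rejects.

```php
<?php
// Added example (not DedeCMS code): the litpic path check from the patch,
// with the user-directory match anchored at the start of the path.

function litpicAllowed(string $litpic, string $cfgUserDir, int $userId): bool
{
    // Reject any traversal component, exactly as the patch does.
    if (strpos($litpic, '..') !== false) {
        return false;
    }
    // The patch only requires "<user dir>/<userid>/" to appear somewhere in
    // the string. Requiring it as a prefix is the stricter form used here
    // (assumption: stored litpic paths always begin with $cfg_user_dir).
    $prefix = rtrim($cfgUserDir, '/') . "/{$userId}/";
    return strncmp($litpic, $prefix, strlen($prefix)) === 0;
}

// Constructed sample values; '/uploads/userup' is a placeholder directory.
$cfgUserDir = '/uploads/userup';
$userId     = 1001;

$samples = [
    '/uploads/userup/1001/pic.jpg',          // member's own directory: allowed
    '/uploads/userup/1002/pic.jpg',          // another member's directory: rejected
    '/uploads/userup/1001/../../file.php',   // contains "..": rejected
    '/other/uploads/userup/1001/pic.jpg',    // user dir present but not a prefix: rejected
];

foreach ($samples as $path) {
    printf("%-42s %s\n", $path, litpicAllowed($path, $cfgUserDir, $userId) ? 'allowed' : 'rejected');
}
```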