DedeCMS Code Injection Vulnerability in sys_verifies.php

Vulnerability

A critical code injection vulnerability has been identified in DedeCMS version 5.7.117. The issue arises in the file sys_verifies.php, in a function (not further identified) that handles the 'getfiles' action. This vulnerability is an incomplete fix of CVE-2018-9175: manipulation of the 'refiles' argument allows arbitrary code execution. The vulnerability can be exploited remotely, and the exploit has been publicly disclosed.

Impact

Exploitation of this vulnerability leads to arbitrary code execution on the server.

Reproduction

To reproduce this vulnerability, log into the DedeCMS backend as an administrator. Once logged in, request the sys_verifies.php file with the action set to 'getfiles'. In the 'refiles' parameter, supply a payload containing a command to be executed, such as 'phpinfo()'. After the payload is processed, the injected command is executed, demonstrating the vulnerability.

Remediation

It is recommended to strengthen the input validation for the 'refiles' parameter in the sys_verifies.php file, ensuring that spaces, dots, dollar signs, and other potentially harmful characters are rejected or filtered out before the value is used.
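The following is an added example of the kind of validation the remediation describes; it is not DedeCMS code and does not reproduce the project's own fix. It assumes 'refiles' arrives as an array of relative path strings and applies an allowlist (letters, digits, '_', '-', '/'), which rejects spaces, dots and dollar signs in a single rule rather than stripping each character individually. The path format and length limit are assumptions for the example.

```php
<?php
// Added example, not DedeCMS code: allowlist validation for a parameter
// that carries a list of relative file paths (assumed format for 'refiles').

function validate_refile(string $path): bool
{
    // Allowlist: only letters, digits, '_', '-' and '/'. Anything else
    // (spaces, dots, '$', quotes, backslashes, NUL bytes) fails the match.
    // The 1..200 length bound is an assumption for this example.
    if (!preg_match('/^[A-Za-z0-9_\/-]{1,200}$/', $path)) {
        return false;
    }
    // Reject absolute paths and empty segments such as "a//b".
    if ($path[0] === '/' || strpos($path, '//') !== false) {
        return false;
    }
    return true;
}

/**
 * Split an incoming array into accepted and rejected entries so the caller
 * can log the rejects and continue only with clean values.
 */
function validate_refiles(array $refiles): array
{
    $accepted = [];
    $rejected = [];
    foreach ($refiles as $item) {
        if (is_string($item) && validate_refile($item)) {
            $accepted[] = $item;
        } else {
            $rejected[] = is_string($item) ? $item : gettype($item);
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed sample input (not captured traffic).
$sample = [
    'include/common',        // accepted
    'dede/templets/index',   // accepted
    'a b',                   // rejected: space
    'x$y',                   // rejected: dollar sign
    '../etc',                // rejected: dots
    'phpinfo()',             // rejected: parentheses
    ['nested'],              // rejected: not a string
];

$result = validate_refiles($sample);
foreach ($result['accepted'] as $ok) {
    echo "accepted: $ok\n";
}
foreach ($result['rejected'] as $bad) {
    echo "rejected: $bad\n";
}
```

Because the check is an allowlist, a character the author did not anticipate is rejected by default instead of slipping through; the trade-off is that legitimate values containing a dot (a file extension, for instance) would need an explicitly constrained extension rule added to the pattern.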

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined to calculate the overall risk score.