Primary

Context

DedeCMS Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in DedeCMS versions through 5.7.118. The issue arises in the backend module management system, which allows the upload of custom module XML files. During the installation process, the `<setup>` node is base64-decoded and executed via the `include()` function, leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server.

Reproduction

To reproduce this vulnerability, log into the DedeCMS backend and navigate to the module management section. Upload a custom module XML file, ensuring to include base64-encoded PHP code in the `<setup>` node. After the module is uploaded, confirm its recognition in the system, then initiate the setup process. Once the setup is completed, the injected PHP code will be executed, allowing for remote code execution.

Added: Apr 1, 2026, 5:49 PM

Updated: Apr 1, 2026, 5:49 PM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

10.0

exploitability

6.3

remediation

0.0

relevance

5.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

10.0

exploitability

6.3

remediation

0.0

relevance

5.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DedeCMS Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

DedeCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating