CVE-2025-5137 | DedeCMS 5.7.117 Incomplete Fix CVE-2018-9175 sys_verifies.php?action=getfiles refiles code injection

Inserito da Angelo Barbosa | Mag 23, 2025 | CVE

A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection.

This vulnerability is traded as CVE-2025-5137. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-5137 | DedeCMS 5.7.117 Incomplete Fix CVE-2018-9175 sys_verifies.php?action=getfiles refiles code injection

Post correlati

CVE-2024-2019 | WP-DB-Table-Editor Plugin up to 1.8.4 on WordPress authorization

CVE-2024-2959 | SVS Pricing Tables Plugin up to 1.0.4 on WordPress cross-site request forgery

CVE-2025-1332 | FastCMS up to 0.1.5 Template Menu menu cross site scripting (IBKJ1W)

CVE-2025-25635 | TOTOLINK A3002R 1.1.1-B20200824.0128 /bin/boa formIpv6Setup pppoe_dns1 buffer overflow