Vulnerability: DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution

DedeCMS 5.7SP2 is vulnerable to cross-site request forgery that results in arbitrary code execution: the partcode parameter of a tag_test_action.php request can specify a runphp field together with PHP code.

Impact

Successful exploitation of these vulnerabilities can lead to unauthorized actions being performed on behalf of the user and to the execution of arbitrary code.

Severity

High

Verified

Unknown