2018-04-02 03:00:00
mitre
PUBLISHED
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attackers control.