2021-08-24 19:34:10
mitre
PUBLISHED
The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attackers control.