Description
A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Problem types
Timeline
| 2026-07-12: | Advisory disclosed |
| 2026-07-12: | VulDB entry created |
| 2026-07-12: | VulDB entry last update |
Credits
dunkboy (VulDB User)
References
vuldb.com/vuln/377878 (VDB-377878 | DedeCMS Column Management search.php code injection)
vuldb.com/vuln/377878/cti (VDB-377878 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-15533 (CVE-2026-15533 | CVE Analysis and Report)
vuldb.com/submit/854988 (Submit #854988 | 上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directory)
vuldb.com/submit/854989 (Submit #854989 | 上海卓卓网络科技有限公司 DedeCMS 5.7.118 Command Shell in Externally Accessible Directory (Duplicate))
github.com/...Name Cache File Writing RCE Vulnerability.docx