Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2019-8362

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content).

Published: Feb 16, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-8362
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
dedecms / dedecms	5.7-sp2	5.7-sp2.x
dedecms / dedecms	5.7-sp1	5.7-sp1.x
dedecms / dedecms	-	5.7
dedecms / dedecms	5.7	5.7.x

http://tusk1.cn/2019/02/16/dedecms%20v5.7%20sp2%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo