What is CVE-2018-20129?

CVE-2018-20129 is a vulnerability in N/a. Published 2018-12-13.

Is CVE-2018-20129 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-20129

An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the ima…

EPSS: 0.696 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

SexyBeast233/SecBooks
hktalent/bug-bounty

References

www.iwantacve.cn/index.php/archives/88/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-20129?: CVE-2018-20129 is a vulnerability in N/a. Published 2018-12-13.
Is CVE-2018-20129 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.