What is CVE-2018-7700?

CVE-2018-7700 is a vulnerability in N/a. Published 2018-03-27.

Is CVE-2018-7700 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-7700

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.

EPSS: 0.932 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0ps/pocassistdb
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
SexyBeast233/SecBooks
chriskaliX/PHP-code-audit
jweny/pocassistdb
zhibx/fscan-Intranet

References

laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms后台任意代码执行/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-7700?: CVE-2018-7700 is a vulnerability in N/a. Published 2018-03-27.
Is CVE-2018-7700 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.