Path Traversal Vulnerability in DedeCMS 5.7.118 by Shanghai Zhuozhuo Network Technology Co. Ltd.
CVE-2026-15700
Key Information:
- Status
- Vendor
- CVE Published:
- 14 July 2026
Badges
What is CVE-2026-15700?
A security flaw has been identified in DedeCMS version 5.7.118, specifically within the ExtractFile function of the include/zip.class.php component related to the Album Publishing feature. This vulnerability permits path traversal, allowing attackers to manipulate the filename argument, which may lead to unauthorized file access. As this exploit has been publicly disclosed, it poses a significant risk, enabling remote attacks on vulnerable installations.
Affected Version(s)
DedeCMS 5.7.118
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
