Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component
AnalysisAI
A remote code execution vulnerability in DedeCMS v.5.7.118 and (CVSS 9.8) that allows a remote attacker. Critical severity with potential for significant impact on affected systems.
Technical ContextAI
CWE-94 (Code Injection). CVSS 9.8 indicates critical severity with likely remote exploitation vector. Affects DedeCMS v.5.7.118 and.
RemediationAI
Monitor vendor channels for patch availability. Implement input validation and WAF rules as interim mitigation.
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13147