PHP
CVE-2026-38615
CRITICAL
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
Articles & Coverage 1
Analysis
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Unauthenticated remote code execution in the JCE (Joomla Content Editor) extension for Joomla allows attackers to create
Authenticated remote code execution in Pheditor 2.0.1-2.0.3 lets any logged-in user with the default terminal permission
Remote code execution in YesWiki prior to 4.6.6 allows unauthenticated attackers to inject arbitrary PHP via the Bazar C
Authentication bypass in ealpha072's Student-Management-System PHP application exposes the administrative backend to rem
Improper authorization in the BeikeShop e-commerce platform (versions up to 1.6.0.22) allows remote unauthenticated atta
Share
External POC / Exploit Code
Leaving vuln.today