CVE-2018-16784

EPSS 2.75% · P86 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-16784

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

DedeCMS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

DedeCMS是一套基于PHP的网站内容管理系统（CMS）。 DedeCMS 5.7 SP2版本中存在安全漏洞。攻击者可借助‘<file type='file' name='../’子字符串利用该漏洞注入XML，进而执行代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-16784

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-16784

请登录查看更多情报信息。

https://github.com/ky-j/dedecms/issues/3x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2018-16784

Same Patch Batch · n/a · 2018-09-21 · 48 CVEs total

CVE-2018-3913		Samsung SmartThings Hub STH-ETH-250 video-core HTTP服务器缓冲区错误漏洞
CVE-2018-16786		DedeCMS 跨站脚本漏洞
CVE-2018-17292		WAVM 安全漏洞
CVE-2018-17298		Enalean Tuleap 安全漏洞
CVE-2018-17300		CuppaCMS 跨站脚本漏洞
CVE-2018-17301		EspoCRM 跨站脚本漏洞
CVE-2018-17302		EspoCRM 跨站脚本漏洞
CVE-2018-17283		ZOHO ManageEngine OpManager 安全漏洞
CVE-2018-17297		Hutool 安全漏洞
CVE-2018-11240		SoftCase T-Router 安全漏洞
CVE-2018-11241		SoftCase T-Router 安全漏洞
CVE-2018-9282		Subsonic Media Server 跨站脚本漏洞
CVE-2018-16793		Microsoft Exchange Server 代码问题漏洞
CVE-2018-16597		Linux kernel 权限许可和访问控制问题漏洞
CVE-2018-16281		Atlassian JIRA DEISER Profields - Project Custom Fields app 访问控制错误漏洞
CVE-2018-14691		Subsonic 跨站脚本漏洞
CVE-2018-14690		Subsonic 跨站脚本漏洞
CVE-2018-14689		Subsonic 跨站脚本漏洞
CVE-2018-14688		Subsonic 跨站脚本漏洞
CVE-2018-11352		Wallabag应用程序跨站脚本漏洞

Showing top 20 of 48 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-16784

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-16784

I. Basic Information for CVE-2018-16784

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-16784

III. Intelligence Information for CVE-2018-16784

Same Patch Batch · n/a · 2018-09-21 · 48 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-16784

Leave a comment