CVE-2024-35510
📋 TL;DR
This critical vulnerability in DedeCMS allows attackers to upload arbitrary files to the server, leading to remote code execution. Attackers can compromise the entire web server by uploading malicious PHP files. All systems running the vulnerable DedeCMS version are affected.
💻 Affected Systems
- DedeCMS
📦 What is this software?
Dedecms by Dedecms
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, lateral movement to other systems, and persistent backdoor installation.
Likely Case
Webshell upload leading to website defacement, data exfiltration, and use as a foothold for further attacks.
If Mitigated
Limited impact if file uploads are blocked at WAF level or server permissions prevent execution.
🎯 Exploit Status
Exploitation requires access to the admin panel (/dede/ directory). Public proof-of-concept code is available in GitHub repositories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v5.7.115 or later
Vendor Advisory: https://github.com/dedecms/DedeCMS/releases
Restart Required: No
Instructions:
1. Backup your DedeCMS installation and database.
2. Download the latest version from the official GitHub repository.
3. Replace the vulnerable file /dede/file_manage_control.php with the patched version.
4. Verify file permissions and ownership.
🔧 Temporary Workarounds
Restrict access to admin panel
Block external access to the /dede/ directory using web server configuration.
# Apache: Add to .htaccess
Deny from all
# Nginx: Add to server block
location /dede/ { deny all; }
Disable file upload functionality
Remove or rename the vulnerable file to prevent exploitation.
mv /path/to/dede/file_manage_control.php /path/to/dede/file_manage_control.php.bak
🧯 If You Can't Patch
- Implement strict file upload validation at the web application firewall (WAF) level to block PHP file uploads.
- Configure server permissions to prevent execution of uploaded files in web directories.
🔍 How to Verify
Check if Vulnerable:
Check if /dede/file_manage_control.php exists and contains the vulnerable code pattern. Review access logs for POST requests to this file with file upload parameters.
Check Version:
Check the DedeCMS version in /data/common.inc.php or admin panel footer.
Verify Fix Applied:
Verify the file_manage_control.php has been updated to v5.7.115+ or removed. Test file upload functionality with malicious extensions to ensure they are blocked.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /dede/file_manage_control.php with file upload parameters
- Upload of files with .php, .phtml, or other executable extensions to upload directories
Network Indicators:
- Unusual outbound connections from web server following file uploads
- HTTP requests to newly created PHP files in upload directories
SIEM Query:
source="web_logs" AND uri="/dede/file_manage_control.php" AND method="POST" AND (file_extension="php" OR file_extension="phtml")
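The log indicators and the SIEM query above describe the signal to look for; the following Python script is an added example (not part of this advisory and not DedeCMS code) that runs that detection over web server access logs. It flags POST requests to /dede/file_manage_control.php, flags requests for files with executable extensions under upload directories, and raises the severity when such a request follows a POST to the file manager within a short window (the "newly created PHP files in upload directories" indicator). The log lines, IP addresses and timestamps are constructed samples; the upload prefix /uploads/ and the 10-minute window are assumptions to adjust for the deployment.

```python
import re
from datetime import datetime, timedelta

# Combined log format (Apache/Nginx default): ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

VULN_ENDPOINT = "/dede/file_manage_control.php"
UPLOAD_PREFIXES = ("/uploads/",)      # assumption: the site's upload directories
EXEC_EXTS = {"php", "phtml", "php5", "phar"}
WINDOW = timedelta(minutes=10)        # assumption: correlation window after an upload POST

# Constructed sample traffic, not real log data.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /dede/login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2024:12:00:09 +0000] "POST /dede/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2024:12:00:40 +0000] "POST /dede/file_manage_control.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2024:12:00:55 +0000] "GET /uploads/userup/shell.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:12:05:00 +0000] "POST /dede/file_manage_control.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:12:05:20 +0000] "GET /uploads/allimg/photo.jpg HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]   # drop query string before matching
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": path,
        "status": int(m.group("status")),
    }


def has_exec_ext(path):
    """True if any extension in the file name is executable (catches shell.php.jpg too)."""
    name = path.rsplit("/", 1)[-1].lower()
    return any(part in EXEC_EXTS for part in name.split(".")[1:])


def analyze(log_text):
    """Return a list of alerts for the indicators described in the advisory."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    upload_posts = []   # POSTs to the file manager, used for correlation
    alerts = []
    for e in events:
        if e["method"] == "POST" and e["path"] == VULN_ENDPOINT:
            upload_posts.append(e)
            alerts.append({"severity": "medium", "ip": e["ip"], "ts": e["ts"],
                           "path": e["path"], "reason": "POST to file manager endpoint"})
        elif e["path"].startswith(UPLOAD_PREFIXES) and has_exec_ext(e["path"]):
            # Any file-manager POST shortly before this request makes it a likely webshell hit.
            preceded = any(timedelta(0) <= e["ts"] - u["ts"] <= WINDOW for u in upload_posts)
            alerts.append({"severity": "high" if preceded else "medium", "ip": e["ip"],
                           "ts": e["ts"], "path": e["path"],
                           "reason": "executable file requested in upload directory"
                                     + (" after file manager POST" if preceded else "")})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f'{a["severity"]:6} {a["ts"]:%Y-%m-%d %H:%M:%S} {a["ip"]:14} {a["path"]} ({a["reason"]})')
```

Pipe a real access log into `analyze()` line by line to triage; an alert is evidence that the endpoint was exercised, not proof of compromise, so follow a high-severity hit by checking the upload directory for the named file and reviewing what the admin session did around that time.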