
vul_app:dedecms_v5.7.114_code_injection_vul (Rule ID: 1070210470)

Release Date: 2025/9/15

Rule Name: CVE-2024-6940: DedeCMS V5.7.114 article_template_rand.php Code Injection Vulnerability

Severity: high

CVE ID: CVE-2024-6940

 

Description

DesDev DedeCMS (Dedecms Content Management System) is an open-source, PHP-based content management system (CMS) developed by DesDev Network (DesDev) in China. It provides content publishing, management, editing, and retrieval functions. Versions of DesDev DedeCMS before 5.7.114 contain a security vulnerability caused by code injection in certain interfaces. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.

Other reference: None

 

Solution

Apply the vendor's patches.