Dedecms latest two vulnerabilities and repair methods

DedeCms is well known for its simplicity, practicality, and open source. DedeCms is the most well-known PHP open source website management system in China and the most popular php cms system, after more than two years of development, the current version has made great strides in terms of functionality and ease of use. The main target users of the DedeCms free version are locked in personal webmasters, the function is more focused on the construction of personal websites or small and medium-sized portals. Of course, there are also enterprise users and schools who are using the system. Based on the technical architecture of PHP + MySQL, DedeCms is fully open-source and powerful and stable technical architecture, So that you plan to build a small website, we still want to ensure that the system can be expanded at will after the website continues to grow. Dedecms latest injection dede patch vulnerability in July is a principle plus/guestbook. inc. php require (dirname (_ FILE __). '/.. /.. /include/common. inc. php '); require_once (DEDEINC. "/filter. inc. php "); plus/guestbook. inc. php require_once (dirname (_ FILE __). '/guestbook. inc. php ');............ $ Query = "insert into 'dede _ guestbook '(title, tid, mid, uname, email, homepage, qq, face, msg, ip, dtime, ischeck) VALUES ('$ title',' $ tid', '{$ g_mid}', '$ uname',' $ email ',' $ homepage', '$ qq ', '$ img', '$ msg', '$ ip',' $ dtime', '$ needCheck'); '; "; copy the code $ catid variable and $ typeid variable without initialization. Plus/bookfeedback. php. require_once (dirname (_ FILE __). "/.. /include/common. inc. php "); require_once (DEDEINC. "/filter. inc. php "); require_once (DEDEINC. "/channelunit. func. php ");.............. // Save the comment content

If ($ comtype = 'comments') {$ arctitle = addslashes ($ arcRow ['artle tle']); $ arctitle = $ arcRow ['arctitle']; if ($ msg! = ") {$ Inquery =" insert into 'dede _ bookfeedback' ('aid ', 'catid', 'username', 'artle TLE', 'IP', 'ischeck ', 'dtime', 'mid ', 'bad', 'good', 'ftype', 'face', 'msg') VALUES ('$ aid', '$ catid ', '$ username',' $ bookname', '$ ip',' $ ischeck', '$ dtime',' {$ hour _ml-> M_ID} ', '0 ′, '0', '$ feedbacktype',' $ face', '$ msg'); "; $ rs = $ dsql-> ExecuteNoneQuery ($ inquery); if (! $ Rs) {echo $ dsql-> GetError (); exit () ;}}// reference reply

Elseif ($ comtype = 'reply') {$ row = $ dsql-> GetOne ("Select * from 'dede _ bookfeedback' where id = '$ fid '"); $ arctitle = $ row ['artle tle']; $ aid = $ row ['aid ']; $ msg = $ quotemsg. $ msg; $ msg = HtmlReplace ($ msg, 2); $ inquery = "insert into 'dede _ bookfeedback' ('aid ', 'typeid', 'username ', 'artitle', 'IP', 'ischeck', 'dtime', 'mid, 'bad', 'good', 'ftype', 'face', 'msg ') VALUES ('$ aid', '$ typeid',' $ username', '$ Artle TLE ', '$ Ip',' $ ischeck', '$ dtime',' {$ cfg_ml-> M_ID} ', '0', '0',' $ feedbacktype ', '$ face',' $ msg ') "; $ dsql-> ExecuteNoneQuery ($ inquery);} $ img variable is not initialized.Solution:

Wait for the official patch.