An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload.

A code execution vulnerability has been discovered in DedeCMS version 5.7.118. The vulnerability allows attackers to execute arbitrary code through crafted setup tag values during module upload processes. This represents a critical security flaw in the content management system that could lead to complete system compromise. Attackers can exploit this vulnerability by uploading malicious modules with specially crafted setup tags. The vulnerability affects the module upload functionality of the CMS. This could allow unauthorized code execution on affected systems running the vulnerable DedeCMS version.