cpe:/a:dedecms:dedecms:5.7:sp2 CVE-2019-6289 2019-01-15T02:29:00.193-05:00 2019-02-13T14:18:45.403-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-01-18T08:41:32.910-05:00 MISC https://laolisafe.com/dedecms/ uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename.