{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30694", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T01:30:03.735Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:07:20.443Z"}, "descriptions": [{"lang": "en", "value": "An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://leixyous-personal-organization.gitbook.io/dedecms-file-manage-getshell-via-bypass-blacklist/"}, {"url": "https://jacobjacobjacob.gitbook.io/cve-2026-30694/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T01:27:51.825822Z", "id": "CVE-2026-30694", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:30:03.735Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30694", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T01:27:51.825822Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:29:57.923Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://leixyous-personal-organization.gitbook.io/dedecms-file-manage-getshell-via-bypass-blacklist/"}, {"url": "https://jacobjacobjacob.gitbook.io/cve-2026-30694/"}], "descriptions": [{"lang": "en", "value": "An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:07:20.443Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30694", "state": "PUBLISHED", "dateUpdated": "2026-03-24T01:30:03.735Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDD6243A-0F88-4E95-87BD-D3A72938D6BF", "versionEndIncluding": "5.7.118", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component"}, {"lang": "es", "value": "Un problema en DedeCMS v.5.7.118 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente array_filter."}], "id": "CVE-2026-30694", "lastModified": "2026-03-25T21:11:32.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-19T18:16:22.400", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://jacobjacobjacob.gitbook.io/cve-2026-30694/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://leixyous-personal-organization.gitbook.io/dedecms-file-manage-getshell-via-bypass-blacklist/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.7.118]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "dedecms", "vendor": "dedecms"}], "analysis": {"en": {"generated_at": "2026-03-26T00:44:03.624358+00:00", "value": {"mitigation_remediation": ["Update DedeCMS to the latest version (\u22655.7.119) to eliminate the vulnerability.", "If an immediate upgrade is not possible, isolate the vulnerable system from the internet and monitor for suspicious activity.", "Verify that no custom scripts or patches modify array_filter behavior.", "Check for additional security updates from the vendor and apply them promptly."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is DedeCMS, specifically any release at or below version 5.7.118. Systems running these versions remain vulnerable; newer releases are not known to be affected.", "description_and_impact": "An issue in DedeCMS versions 5.7.118 and earlier allows a remote attacker to execute arbitrary code by exploiting the array_filter component. This flaw is classified as code injection (CWE\u201194) and can be used to run malicious code on the server hosting the CMS.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical severity, and the EPSS score of less than 1% suggests low current exploitation probability. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that the attack can be performed remotely via the CMS\u2019s web interface, likely by sending specially crafted requests that trigger the array_filter component."}}}}, "created": "2026-03-20T08:58:02.739500+00:00", "title": "Remote Code Execution via array_filter in DedeCMS v5.7.118 and Earlier", "updated": "2026-03-26T12:20:46.283199+00:00", "vendors": ["dedecms", "dedecms$PRODUCT$dedecms"]}