Security Center can detect and fix Web-CMS vulnerabilities. The Web-CMS vulnerability detection feature monitors website directories and identifies common website builders. It compares vulnerability files with the vulnerability library to detect vulnerabilities in website builders. This topic describes how to view and handle Web-CMS vulnerabilities.

Background information

The Web-CMS vulnerability detection feature obtains information about the latest Web-CMS vulnerabilities and patches, and delivers the patches. This allows you to detect and fix Web-CMS vulnerabilities at the earliest opportunity. You can also apply patches to fix multiple vulnerabilities at a time.

Note
  • The Basic and Anti-virus editions of Security Center only detect vulnerabilities, but do not fix them. To use Security Center to fix vulnerabilities with a few clicks, you must activate the Advanced, Enterprise, or Ultimate edition. For more information about the features supported by different Security Center editions, see Features.
  • After you fix Web-CMS vulnerabilities in the Security Center console, the fixes immediately take effect. You do not need to verify the fixes.

For more information about the Web-CMS vulnerabilities that can be detected by Security Center, see Web-CMS vulnerabilities that can be detected.
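
The comparison of site files against a vulnerability library, described in the introduction, can be pictured as follows. This is an added conceptual example, not Security Center's own code or algorithm: it assumes SHA-256 matching, and the builder name examplecms, the paths, the file contents, and the library entry are all constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: "examplecms" and both file bodies are hypothetical.
VULN_UPLOAD = b"<?php // constructed: upload handler with no extension check\n"
FIXED_UPLOAD = b"<?php // constructed: upload handler with an extension allowlist\n"
FINDING = "Arbitrary file upload vulnerability (constructed entry)"

# Marker file that identifies a website builder in a directory (assumed layout).
CMS_MARKERS = {"examplecms": "include/version.php"}
# Vulnerability library: builder -> relative path -> {SHA-256 of vulnerable file: finding}.
VULN_LIBRARY = {"examplecms": {"include/upload.php": {
    hashlib.sha256(VULN_UPLOAD).hexdigest(): FINDING}}}

def identify_cms(site_root: Path):
    """Return the builder whose marker file exists under site_root, else None."""
    hits = [c for c, m in CMS_MARKERS.items() if (site_root / m).is_file()]
    return hits[0] if hits else None

def scan_site(site_root: Path):
    """Return sorted (relative_path, finding) pairs for files that match the library."""
    cms = identify_cms(site_root)
    findings = []
    for rel_path, digests in VULN_LIBRARY.get(cms, {}).items():
        candidate = site_root / rel_path
        if not candidate.is_file():  # file deleted: nothing left to match
            continue
        digest = hashlib.sha256(candidate.read_bytes()).hexdigest()
        if digest in digests:
            findings.append((rel_path, digests[digest]))
    return sorted(findings)

def demo():
    """Scan a constructed site before a fix, after a fix, and after a local edit."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "www"
        (site / "include").mkdir(parents=True)
        (site / "include/version.php").write_bytes(b"<?php // constructed marker\n")
        target = site / "include/upload.php"
        target.write_bytes(VULN_UPLOAD)
        before = scan_site(site)
        target.write_bytes(FIXED_UPLOAD)  # patched file replaces the vulnerable one
        after = scan_site(site)
        target.write_bytes(VULN_UPLOAD + b"// site-specific edit\n")
        edited = scan_site(site)  # exact-match lookup no longer recognises the file
    return before, after, edited

if __name__ == "__main__":
    print(demo())
```

In this sketch the third scan returns no finding even though the flaw is still present, so builder files that have been customized locally need separate review.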

View the basic information about a vulnerability

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Web CMS tab.
  4. On the Web CMS tab, view the information about all Web-CMS vulnerabilities detected by Security Center.
    You can perform the following operations on the tab:
    • View vulnerability information
    • View vulnerability priorities

      All Web-CMS vulnerabilities can cause serious damage. This is confirmed by Alibaba Cloud security engineers. Therefore, the priorities of detected Web-CMS vulnerabilities are High and marked in red.

      Note We recommend that you fix Web-CMS vulnerabilities at the earliest opportunity.
    • Handle the vulnerabilities detected by Cloud Firewall

      Security Center uses the Cloud firewall Supports Virtual patches tag to indicate a vulnerability detected by Cloud Firewall. You can click the tag or Protection in the Actions column to go to the Cloud Firewall console to fix the vulnerability. For more information, see Vulnerability prevention.

    • Add a vulnerability to the whitelist

      On the Web CMS tab, you can select the vulnerability you want to add to the whitelist and click Add to Whitelist. After you add a vulnerability to the whitelist, Security Center no longer generates alerts on this vulnerability.

      The vulnerability that is added to the whitelist is removed from the vulnerability list on the Web CMS tab. You can click Settings in the upper-right corner of the page to view the vulnerability in the Vul Whitelist section.

      If you want Security Center to detect and generate alerts on a vulnerability that is added to the whitelist, select the vulnerability in the Vul Whitelist section in the Settings panel and click Remove.

    • Fix multiple vulnerabilities at a time
      If you fix multiple vulnerabilities at a time, Security Center automatically identifies affected assets and fixes the vulnerabilities on these assets. On the Web CMS tab, you can select the vulnerabilities that you want to fix and click Batch Repair. In the Batch Repair dialog box, view the assets that are affected by the vulnerabilities and click Fix Now.
      Note You can select the vulnerabilities only on the current page. A total of 10, 20, or 50 vulnerabilities can be displayed on each page. Therefore, you can fix a maximum of 50 vulnerabilities at a time.
    • Search for vulnerabilities

      On the Web CMS tab, you can search for vulnerabilities by severity level, asset group, vulnerability status, or vulnerability name. The severity level can be high, medium, or low. The vulnerability status can be handled or unhandled.

      Note Fuzzy match is supported for vulnerability search by name.
    • Export vulnerabilities
      On the Web CMS tab, you can click the Export icon to export and save all detected vulnerabilities to your computer. The vulnerabilities are exported to an Excel file.
      Note The time to export the vulnerabilities varies based on the size of vulnerability data.

Handle vulnerabilities

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Web CMS tab.
  4. In the Vulnerability column, click the name of the vulnerability that you want to handle, or click Fix in the Actions column of the vulnerability that you want to handle. The panel that shows the vulnerability details appears.
    You can view the details of the vulnerability, number of unhandled vulnerabilities, and information about affected assets.
  5. In the panel, view and handle the vulnerability.
    You can perform the following operations:
    • View vulnerability details

      The panel displays all the affected assets and vulnerabilities associated with the vulnerability. You can analyze all the related vulnerabilities and handle multiple vulnerabilities at a time.

      • On the Detail tab, you can view the brief introduction and solution to this vulnerability.
      • On the Pending vulnerability tab, you can view the assets that are affected by this vulnerability.

        You can view the assets affected by the vulnerability and the status of the vulnerability. You can fix or ignore a vulnerability. You can also verify a vulnerability fix or add a vulnerability to the whitelist.

      On the Detail tab, click an asset in the Affected Assets column to go to the Vulnerabilities tab of the Assets page. On this tab, view the information about all Web-CMS vulnerabilities associated with this asset.
    • View vulnerability priorities

      All Web-CMS vulnerabilities can cause serious damage. This is confirmed by Alibaba Cloud security engineers. Therefore, the priorities of detected Web-CMS vulnerabilities are High and marked in red.

      Note We recommend that you fix Web-CMS vulnerabilities at the earliest opportunity.
    • Search for vulnerabilities

      On the Pending vulnerability tab, you can search for affected assets by vulnerability priority, VPC name, asset group, vulnerability status, server IP address, or server name. The vulnerability priority can be high, medium, or low. The vulnerability status can be handled or unhandled.

      Note Fuzzy match is supported for vulnerability search by server IP address or name.
    • View vulnerability status
      • Handled
        • Handled: The vulnerability is fixed.
        • Ignored: The vulnerability is ignored. Security Center no longer generates alerts on this vulnerability.
        • Invalid: The vulnerability cannot be detected. You may have already deleted the file that contains the vulnerability.
      • Unhandled
        • Unfixed: The vulnerability is not fixed.
        • Fixing: The vulnerability is being fixed.
        • Fix Failed: Security Center failed to fix the vulnerability. The file that contains the vulnerability may have been modified or does not exist.
        • Verifying: Security Center is checking whether the vulnerability is fixed.
    • Handle the vulnerabilities of the affected assets

      You can fix or ignore a vulnerability. You can also verify a vulnerability fix or add a vulnerability to the whitelist.

      • Fix vulnerabilities
        Click Fix in the Actions column to fix one or more associated vulnerabilities at a time. In the Repair dialog box, click Fix Now.
        Note To prevent service interruptions, we recommend that you back up the data in your system before you fix the vulnerability.
      • Verify: If you fix a vulnerability by using a method other than Security Center, you must click Verify. After the verification, the status of the vulnerability is updated. If you fix a Web-CMS vulnerability by using Security Center, the fix immediately takes effect. You do not need to verify the fix.
      • Ignore a vulnerability

        Find the vulnerability that you want to ignore, click the Ignore a vulnerability or undo a vulnerability fix icon in the Actions column, and then select Ignore. In the dialog box that appears, enter the description for the ignore operation and click OK. After a vulnerability is ignored, Security Center no longer generates alerts on this vulnerability.

        Search for Handled vulnerabilities, find the vulnerability that is ignored, and then click the vulnerability to go to the panel that shows the vulnerability details. In the panel, move the pointer over the Ignore icon in the Status column to view the description of the ignore operation.
        Note The state of this vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, find the vulnerability in the Handled vulnerability list and click Unignore in the panel.
    • Export affected assets
      On the Pending vulnerability tab, click the Export icon above the asset list to export and save all affected assets to your computer. The assets are exported to an Excel file.
      Note The time to export the vulnerabilities varies based on the size of asset data.

Web-CMS vulnerabilities that can be detected

Items are grouped by type:

  • 74CMS
    • Multiple SQL injection vulnerabilities in 74CMS
    • Privilege escalation vulnerability in 74CMS
    • SQL injection vulnerability in 74CMS
    • Arbitrary file deletion vulnerability in 74CMS v4.1.15
    • Arbitrary file read vulnerability in the latest version of 74CMS
  • DedeCMS
    • Variable overwrite vulnerability in DedeCMS
    • Arbitrary file upload vulnerability in DedeCMS
    • Reinstallation vulnerability in DedeCMS
    • Injection vulnerability in DedeCMS
    • File upload vulnerability in DedeCMS
    • Password resetting vulnerability in DedeCMS
    • Vulnerability of arbitrary user logon from the frontend caused by cookie leaks in DedeCMS
    • SQL injection vulnerability caused by session variable overwrite in DedeCMS
    • Vulnerability of arbitrary file upload at the backend in DedeCMS
    • SQL injection vulnerability in DedeCMS
    • Template SQL injection vulnerability in DedeCMS
    • SQL injection vulnerability caused by cookie leaks in DedeCMS
    • Payment plug-in injection vulnerability in DedeCMS
    • Arbitrary file deletion by registered users in DedeCMS V5.7
    • CSRF protection bypass vulnerability in DedeCMS V5.7
    • Arbitrary file upload by common users in DedeCMS select_soft_post.php
    • Arbitrary file upload vulnerability in DedeCMS V5.7 SP2 (CVE-2019-8362)
  • Discuz
    • Code execution vulnerability in Discuz
    • MemCache + ssrf permission acquisition vulnerability (GetShell) in Discuz
    • Backend SQL injection vulnerability in Discuz
    • Arbitrary attachment download caused by privilege escalation vulnerabilities in Discuz
    • Arbitrary file deletion vulnerability in Discuz
    • Encrypted message forgery vulnerability caused by authcode function defects in Discuz
    • Command execution vulnerability in the backend database backup feature of Discuz
  • ECShop
    • Code injection vulnerability in ECShop
    • Password retrieval vulnerability in ECShop
    • Injection vulnerability in ECShop
    • ECShop backdoor
    • Arbitrary user logon vulnerability in ECShop
    • Backend SQL injection vulnerability in ECShop
    • SQL injection vulnerability in ECShop
    • Vulnerability of overwriting variables in the ECShop installation directory at the backend
    • Code execution caused by SQL injection vulnerabilities in ECShop
    • Secondary injection vulnerability in ECShop
    • Backend permission acquisition vulnerability in ECShop (GetShell)
    • Backend file download vulnerability in ECShop 2.7.3
  • FCKEditor
    • Arbitrary file upload vulnerability in FCKeditor
  • Joomla!
    • Remote code execution (RCE) vulnerability caused by malformed deserialized packet injection in Joomla!
    • Unauthorized user creation vulnerability in Joomla! (CVE-2016-8870)
    • Core SQL injection vulnerability in Joomla! 3.7.0
    • SQL injection vulnerability in Joomla!
  • PHPCMS
    • Injection vulnerability in PHPCMS
    • AuthKey leak vulnerability in PHPCMS
    • Wide byte injection vulnerability in PHPCMS v9
    • Arbitrary file read vulnerability caused by frontend code injection in PHPCMS
    • Permission acquisition vulnerability caused by some logic issues in PHPCMS (GetShell)
    • AuthKey leak caused by AuthKey generation algorithm issues in PHPCMS
    • SQL injection vulnerability in PHPCMS v9.6.2
    • common.inc RCE vulnerability in PHPCMS 2008
    • RCE vulnerability in template cache of PHPCMS 2008
  • phpMyAdmin
    • Deserialized injection vulnerability in phpMyAdmin
    • CVE-2016-6617 SQL injection vulnerability in phpMyAdmin
    • Permission acquisition vulnerability caused by checkPageValidity function defects in phpMyAdmin version 4.8.1 and earlier (GetShell)
    • phpMyAdmin 4.8.5
  • PHPWind
    • GET request CSRF vulnerability in PHPWind v9 task center
    • Permission acquisition vulnerability caused by MD5 padding vulnerabilities in PHPWind v9 (GetShell)
    • Backend SQL injection vulnerability in PHPWind
    • Cross-site scripting (XSS) injection into UBB tag attributes in PHPWind
  • ThinkPHP5
    • Medium-risk permission acquisition vulnerability caused by cache function design flaws in ThinkPHP 5.0.10-3.2.3 (GetShell)
    • High-risk RCE vulnerability in ThinkPHP 5.0
    • RCE vulnerability in ThinkPHP 5.1.X (X less than or equal to 30)
    • High-risk Request.php RCE vulnerability in versions earlier than ThinkPHP 5.0.24
  • WordPress
    • Arbitrary file upload vulnerability in WordPress
    • IP address verification vulnerability in WordPress
    • WP_Image_Editor_Imagick instruction injection vulnerability in WordPress
    • XSS vulnerability in the bbPress plug-in of WordPress
    • Mailpress RCE vulnerability in WordPress
    • DOS vulnerability caused by arbitrary directory traversal in the backend plug-in update module of WordPress
    • SQL injection vulnerability caused by arbitrary user logon to the backend plug-in of WordPress
    • Username enumeration vulnerability in versions earlier than WordPress 4.7.1 (CVE-2017-5487)
    • SQL injection vulnerability in WordPress
    • XSS vulnerability in WordPress
    • Content injection vulnerability in WordPress
    • RCE vulnerabilities caused by the sitename field in WordPress Mail
    • SQL injection vulnerability in the Catalogue plug-in of WordPress
    • Arbitrary file deletion vulnerability in WordPress
    • Permission acquisition vulnerability caused by multiple defects, such as Author permission path traversal in WordPress (GetShell)
