Security Center can detect and fix Web-CMS vulnerabilities. The Web-CMS vulnerability detection feature monitors website directories and identifies common website builders. It compares vulnerability files with the vulnerability library to detect vulnerabilities in the website builders. This topic describes how to view and handle Web-CMS vulnerabilities.
Background information
The Web-CMS vulnerability detection feature obtains information about the latest Web-CMS vulnerabilities and patches, and delivers the patches, so that you can detect and fix Web-CMS vulnerabilities at the earliest opportunity. The feature detects vulnerabilities in a timely manner, fixes them, and applies patches to fix multiple vulnerabilities at a time.
- The Basic and Anti-virus editions of Security Center only detect vulnerabilities, but do not fix them. To use Security Center to fix vulnerabilities with a few clicks, you must activate the Advanced, Enterprise, or Ultimate edition. For more information about the features supported by different Security Center editions, see Features.
- After you fix Web-CMS vulnerabilities in the Security Center console, the fixes immediately take effect. You do not need to verify the fixes.
For more information about the Web-CMS vulnerabilities that can be detected by Security Center, see Web-CMS vulnerabilities that can be detected.
View the basic information about a vulnerability
Handle vulnerabilities
Web-CMS vulnerabilities that can be detected
Type | Item |
---|---|
74CMS | Multiple SQL injection vulnerabilities in 74CMS |
74CMS | Privilege escalation vulnerability in 74CMS |
74CMS | SQL injection vulnerability in 74CMS |
74CMS | Arbitrary file deletion vulnerability in 74CMS v4.1.15 |
74CMS | Arbitrary file read vulnerability in the latest version of 74CMS |
DedeCMS | Variable overwrite vulnerability in DedeCMS |
DedeCMS | Arbitrary file upload vulnerability in DedeCMS |
DedeCMS | Reinstallation vulnerability in DedeCMS |
DedeCMS | Injection vulnerability in DedeCMS |
DedeCMS | File upload vulnerability in DedeCMS |
DedeCMS | Password resetting vulnerability in DedeCMS |
DedeCMS | Vulnerability of arbitrary user logon from the frontend caused by cookie leaks in DedeCMS |
DedeCMS | SQL injection vulnerability caused by session variable overwrite in DedeCMS |
DedeCMS | Vulnerability of arbitrary file upload at the backend in DedeCMS |
DedeCMS | SQL injection vulnerability in DedeCMS |
DedeCMS | Template SQL injection vulnerability in DedeCMS |
DedeCMS | SQL injection vulnerability caused by cookie leaks in DedeCMS |
DedeCMS | Payment plug-in injection vulnerability in DedeCMS |
DedeCMS | Arbitrary file deletion by registered users in DedeCMS V5.7 |
DedeCMS | CSRF protection bypass vulnerability in DedeCMS V5.7 |
DedeCMS | Arbitrary file upload by common users in DedeCMS select_soft_post.php |
DedeCMS | Arbitrary file upload vulnerability in DedeCMS V5.7 SP2 (CVE-2019-8362) |
Discuz | Code execution vulnerability in Discuz |
Discuz | MemCache + ssrf permission acquisition vulnerability (GetShell) in Discuz |
Discuz | Backend SQL injection vulnerability in Discuz |
Discuz | Arbitrary attachment download caused by privilege escalation vulnerabilities in Discuz |
Discuz | Arbitrary file deletion vulnerability in Discuz |
Discuz | Encrypted message forgery vulnerability caused by authcode function defects in Discuz |
Discuz | Command execution vulnerability in the backend database backup feature of Discuz |
ECShop | Code injection vulnerability in ECShop |
ECShop | Password retrieval vulnerability in ECShop |
ECShop | Injection vulnerability in ECShop |
ECShop | ECShop backdoor |
ECShop | Arbitrary user logon vulnerability in ECShop |
ECShop | Backend SQL injection vulnerability in ECShop |
ECShop | SQL injection vulnerability in ECShop |
ECShop | Vulnerability of overwriting variables in the ECShop installation directory at the backend |
ECShop | Code execution caused by SQL injection vulnerabilities in ECShop |
ECShop | Secondary injection vulnerability in ECShop |
ECShop | Backend permission acquisition vulnerability in ECShop (GetShell) |
ECShop | Backend file download vulnerability in ECShop 2.7.3 |
FCKEditor | Arbitrary file upload vulnerability in FCKeditor |
Joomla! | Remote code execution (RCE) vulnerability caused by malformed deserialized packet injection in Joomla! |
Joomla! | Unauthorized user creation vulnerability in Joomla! (CVE-2016-8870) |
Joomla! | Core SQL injection vulnerability in Joomla! 3.7.0 |
Joomla! | SQL injection vulnerability in Joomla! |
PHPCMS | Injection vulnerability in PHPCMS |
PHPCMS | AuthKey leak vulnerability in PHPCMS |
PHPCMS | Wide byte injection vulnerability in PHPCMS v9 |
PHPCMS | Arbitrary file read vulnerability caused by frontend code injection in PHPCMS |
PHPCMS | Permission acquisition vulnerability caused by some logic issues in PHPCMS (GetShell) |
PHPCMS | AuthKey leak caused by AuthKey generation algorithm issues in PHPCMS |
PHPCMS | SQL injection vulnerability in PHPCMS v9.6.2 |
PHPCMS | common.inc RCE vulnerability in PHPCMS 2008 |
PHPCMS | RCE vulnerability in template cache of PHPCMS 2008 |
phpMyAdmin | Deserialized injection vulnerability in phpMyAdmin |
phpMyAdmin | CVE-2016-6617 SQL injection vulnerability in phpMyAdmin |
phpMyAdmin | Permission acquisition vulnerability caused by checkPageValidity function defects in phpMyAdmin version 4.8.1 and earlier (GetShell) |
phpMyAdmin | phpMyAdmin 4.8.5 |
PHPWind | GET request CSRF vulnerability in PHPWind v9 task center |
PHPWind | Permission acquisition vulnerability caused by MD5 padding vulnerabilities in PHPWind v9 (GetShell) |
PHPWind | Backend SQL injection vulnerability in PHPWind |
PHPWind | Cross-site scripting (XSS) injection into UBB tag attributes in PHPWind |
ThinkPHP5 | Medium-risk permission acquisition vulnerability caused by cache function design flaws in ThinkPHP 5.0.10-3.2.3 (GetShell) |
ThinkPHP5 | High-risk RCE vulnerability in ThinkPHP 5.0 |
ThinkPHP5 | RCE vulnerability in ThinkPHP 5.1.X (X less than or equal to 30) |
ThinkPHP5 | High-risk Request.php RCE vulnerability in versions earlier than ThinkPHP 5.0.24 |
WordPress | Arbitrary file upload vulnerability in WordPress |
WordPress | IP address verification vulnerability in WordPress |
WordPress | WP_Image_Editor_Imagick instruction injection vulnerability in WordPress |
WordPress | XSS vulnerability in the bbPress plug-in of WordPress |
WordPress | Mailpress RCE vulnerability in WordPress |
WordPress | DOS vulnerability caused by arbitrary directory traversal in the backend plug-in update module of WordPress |
WordPress | SQL injection vulnerability caused by arbitrary user logon to the backend plug-in of WordPress |
WordPress | Username enumeration vulnerability in versions earlier than WordPress 4.7.1 (CVE-2017-5487) |
WordPress | SQL injection vulnerability in WordPress |
WordPress | XSS vulnerability in WordPress |
WordPress | Content injection vulnerability in WordPress |
WordPress | RCE vulnerabilities caused by the sitename field in WordPress Mail |
WordPress | SQL injection vulnerability in the Catalogue plug-in of WordPress |
WordPress | Arbitrary file deletion vulnerability in WordPress |
WordPress | Permission acquisition vulnerability caused by multiple defects, such as Author permission path traversal in WordPress (GetShell) |
References
How often does Security Center detect vulnerabilities?
What are the differences between baselines and vulnerabilities?
What do I do if I cannot enable the vulnerability detection feature for a server on the Assets page?