View and handle Web-CMS vulnerabilities - - Alibaba Cloud Documentation Center

Security Center can detect and fix Web-CMS vulnerabilities. The feature of Web-CMS vulnerability detection monitors website directories and identifies common website builders. This feature compares vulnerability files with the vulnerability library to detect the vulnerabilities in website builders. This topic describes how to view and handle Web-CMS vulnerabilities.

Background information

The feature of Web-CMS vulnerability detection obtains information about the latest Web-CMS vulnerabilities and patches, and delivers the patches. This allows you to detect and fix Web-CMS vulnerabilities at the earliest opportunity. This feature detects vulnerabilities in a timely manner, fixes vulnerabilities, and applies patches to fix multiple vulnerabilities at a time.

Note

The Basic and Anti-virus editions of Security Center only detect vulnerabilities, but do not fix them. To use Security Center to fix vulnerabilities with a few clicks, you must activate the Advanced, Enterprise, or Ultimate edition. For more information about the features supported by different Security Center editions, see Features.
After you fix Web-CMS vulnerabilities in the Security Center console, the fixes immediately take effect. You do not need to verify the fixes.

For more information about the Web-CMS vulnerabilities that can be detected by Security Center, see Web-CMS vulnerabilities that can be detected.

View the basic information about a vulnerability

Log on to the Security Center console.
In the left-side navigation pane, choose Precaution > Vulnerabilities.
On the Vulnerabilities page, click the Web CMS tab.
On the Web CMS tab, view the information about all Web-CMS vulnerabilities detected by Security Center.
You can perform the following operations on the tab:
- View vulnerability information
- View vulnerability priorities
  All Web-CMS vulnerabilities can cause serious damage. This is confirmed by Alibaba Cloud security engineers. Therefore, the priorities of detected Web-CMS vulnerabilities are High and marked in red.
  
  Note We recommend that you fix Web-CMS vulnerabilities at the earliest opportunity.
- Handle the vulnerabilities detected by Cloud Firewall
  Security Center uses the Cloud firewall Supports Virtual patches tag to indicate a vulnerability detected by Cloud Firewall. You can click the tag or Protection in the Actions column to go to the Cloud Firewall console to fix the vulnerability. For more information, see Vulnerability prevention.
- Add a vulnerability to the whitelist
  On the Web CMS tab, you can select the vulnerability you want to add to the whitelist and click Add to Whitelist. After you add a vulnerability to the whitelist, Security Center no longer generates alerts on this vulnerability.
  The vulnerability that is added to the whitelist is removed from the vulnerability list on the Web CMS tab. You can click Settings in the upper-right corner of the page to view the vulnerability in the Vul Whitelist section.
  
  If you want Security Center to detect and generate alerts on a vulnerability that is added to the whitelist, select the vulnerability in the Vul Whitelist section in the Settings panel and click Remove.
- Fix multiple vulnerabilities at a time
  If you fix multiple vulnerabilities at a time, Security Center automatically identifies affected assets and fixes the vulnerabilities on these assets. On the Web CMS tab, you can select the vulnerabilities that you want to fix and click Batch Repair. In the Batch Repair dialog box, view the assets that are affected by the vulnerabilities and click Fix Now.
  
  Note You can select the vulnerabilities only on the current page. A total of 10, 20, or 50 vulnerabilities can be displayed on each page. Therefore, you can fix a maximum of 50 vulnerabilities at a time.
- Search for vulnerabilities
  On the Web CMS tab, you can search for vulnerabilities by severity level, asset group, vulnerability status, or vulnerability name. The severity level can be high, medium, or low. The vulnerability status can be handled or unhandled.
  
  Note Fuzzy match is supported for vulnerability search by name.
- Export vulnerabilities
  On the Web CMS tab, you can click the icon to export and save all detected vulnerabilities to your computer. The vulnerabilities are exported to an Excel file.
  
  Note The time to export the vulnerabilities varies based on the size of vulnerability data.

Handle vulnerabilities

Log on to the Security Center console.
In the left-side navigation pane, choose Precaution > Vulnerabilities.
On the Vulnerabilities page, click the Web CMS tab.
In the Vulnerability column, click the name of the vulnerability that you want to handle, or click Fix in the Actions column of the vulnerability that you want to handle. The panel that shows the vulnerability details appears.
You can view the details of the vulnerability, number of unhandled vulnerabilities, and information about affected assets.
In the panel, view and handle the vulnerability.
You can perform the following operations:
- View vulnerability details
  The panel displays all the affected assets and vulnerabilities associated with the vulnerability. You can analyze all the related vulnerabilities and handle multiple vulnerabilities at a time.
  - On the Detail tab, you can view the brief introduction and solution to this vulnerability.
  - On the Pending vulnerability tab, you can view the assets that are affected by this vulnerability.
    You can view the assets affected by the vulnerability and the status of the vulnerability. You can fix or ignore a vulnerability. You can also verify a vulnerability fix or add a vulnerability to the whitelist.
  On the Detail tab, click an asset in the Affected Assets column to go to the Vulnerabilities tab of the Assets page. On this tab, view the information about all Web-CMS vulnerabilities associated with this asset.
- View vulnerability priorities
  All Web-CMS vulnerabilities can cause serious damage. This is confirmed by Alibaba Cloud security engineers. Therefore, the priorities of detected Web-CMS vulnerabilities are High and marked in red.
  
  Note We recommend that you fix Web-CMS vulnerabilities at the earliest opportunity.
- Search for vulnerabilities
  On the Pending vulnerability tab, you can search for affected assets by vulnerability priority, VPC name, asset group, vulnerability status, server IP address, or server name. The vulnerability priority can be high, medium, or low. The vulnerability status can be handled or unhandled.
  
  Note Fuzzy match is supported for vulnerability search by server IP address or name.
- View vulnerability status
  - Handled
    - Handled: The vulnerability is fixed.
    - Ignored: The vulnerability is ignored. Security Center no longer generates alerts on this vulnerability.
    - Invalid: The vulnerability cannot be detected. You may have already deleted the file that contains the vulnerability.
  - Unhandled
    - Unfixed: The vulnerability is not fixed.
    - Fixing: The vulnerability is being fixed.
    - Fix Failed: Security Center failed to fix the vulnerability. The file that contains the vulnerability may have been modified or does not exist.
    - Verifying: Security Center is checking whether the vulnerability is fixed.
- Handle the vulnerabilities of the affected assets
  You can fix or ignore a vulnerability. You can also verify a vulnerability fix or add a vulnerability to the whitelist.
  - Fix vulnerabilities
    Click Fix in the Actions column to fix one or more associated vulnerabilities at a time. In the Repair dialog box, click Fix Now.
    
    Note To prevent service interruptions, we recommend that you back up the data in your system before you fix the vulnerability.
  - Verify: If you fix a vulnerability by using methods rather than Security Center, you must click Verify. After the verification, the status of the vulnerability is updated. If you fix a Web-CMS vulnerability by using Security Center, the fix immediately takes effect. You do not need to verify the fix.
  - Ignore a vulnerability
    Find the vulnerability that you want to ignore, click the icon in the Actions column, and then select Ignore. In the dialog box that appears, enter the description for the ignore operation and click OK. After a vulnerability is ignored, Security Center no longer generates alerts on this vulnerability.
    
    Search for Handled vulnerabilities, find the vulnerability that is ignored, and then click the vulnerability to go to the panel that shows the vulnerability details. In the panel, move the pointer over the icon in the Status column to view the description of the ignore operation.
    
    Note The state of this vulnerability changes to Ignored. If you want Security Center to generate alerts on an ignored vulnerability, find the vulnerability in the Handled vulnerability list and click Unignore in the panel.
- Export affected assets
  On the Pending vulnerability tab, click the icon above the asset list to export and save all affected assets to your computer. The assets are exported to an Excel file.
  
  Note The time to export the vulnerabilities varies based on the size of asset data.

Web-CMS vulnerabilities that can be detected


Type	Item
74CMS	Multiple SQL injection vulnerabilities in 74CMS
	Privilege escalation vulnerability in 74CMS
	SQL injection vulnerability in 74CMS
	Arbitrary file deletion vulnerability in 74CMS v4.1.15
	Arbitrary file read vulnerability in the latest version of 74CMS
DedeCMS	Variable overwrite vulnerability in DedeCMS
	Arbitrary file upload vulnerability in DedeCMS
	Reinstallation vulnerability in DedeCMS
	Injection vulnerability in DedeCMS
	File upload vulnerability in DedeCMS
	Password resetting vulnerability in DedeCMS
	Vulnerability of arbitrary user logon from the frontend caused by cookie leaks in DedeCMS
	SQL injection vulnerability caused by session variable overwrite in DedeCMS
	Vulnerability of arbitrary file upload at the backend in DedeCMS
	SQL injection vulnerability in DedeCMS
	Template SQL injection vulnerability in DedeCMS
	SQL injection vulnerability caused by cookie leaks in DedeCMS
	Payment plug-in injection vulnerability in DedeCMS
	Arbitrary file deletion by registered users in DedeCMS V5.7
	CSRF protection bypass vulnerability in DedeCMS V5.7
	Arbitrary file upload by common users in DedeCMS select_soft_post.php
	Arbitrary file upload vulnerability in DedeCMS V5.7 SP2 (CVE-2019-8362)
Discuz	Code execution vulnerability in Discuz
	MemCache + ssrf permission acquisition vulnerability (GetShell) in Discuz
	Backend SQL injection vulnerability in Discuz
	Arbitrary attachment download caused by privilege escalation vulnerabilities in Discuz
	Arbitrary file deletion vulnerability in Discuz
	Encrypted message forgery vulnerability caused by authcode function defects in Discuz
	Command execution vulnerability in the backend database backup feature of Discuz
ECShop	Code injection vulnerability in ECShop
	Password retrieval vulnerability in ECShop
	Injection vulnerability in ECShop
	ECShop backdoor
	Arbitrary user logon vulnerability in ECShop
	Backend SQL injection vulnerability in ECShop
	SQL injection vulnerability in ECShop
	Vulnerability of overwriting variables in the ECShop installation directory at the backend
	Code execution caused by SQL injection vulnerabilities in ECShop
	Secondary injection vulnerability in ECShop
	Backend permission acquisition vulnerability in ECShop (GetShell)
	Backend file download vulnerability in ECShop 2.7.3
FCKEditor	Arbitrary file upload vulnerability in FCKeditor
Joomla!	Remote code execution (RCE) vulnerability caused by malformed deserialized packet injection in Joomla!
	Unauthorized user creation vulnerability in Joomla! (CVE-2016-8870)
	Core SQL injection vulnerability in Joomla! 3.7.0
	SQL injection vulnerability in Joomla!
PHPCMS	Injection vulnerability in PHPCMS
	AuthKey leak vulnerability in PHPCMS
	Wide byte injection vulnerability in PHPCMS v9
	Arbitrary file read vulnerability caused by frontend code injection in PHPCMS
	Permission acquisition vulnerability caused by some logic issues in PHPCMS (GetShell)
	AuthKey leak caused by AuthKey generation algorithm issues in PHPCMS
	SQL injection vulnerability in PHPCMS v9.6.2
	common.inc RCE vulnerability in PHPCMS 2008
	RCE vulnerability in template cache of PHPCMS 2008
phpMyAdmin	Deserialized injection vulnerability in phpMyAdmin
	CVE-2016-6617 SQL injection vulnerability in phpMyAdmin
	Permission acquisition vulnerability caused by checkPageValidity function defects in phpMyAdmin version 4.8.1 and earlier (GetShell)
	phpMyAdmin 4.8.5
PHPWind	GET request CSRF vulnerability in PHPWind v9 task center
	Permission acquisition vulnerability caused by MD5 padding vulnerabilities in PHPWind v9 (GetShell)
	Backend SQL injection vulnerability in PHPWind
	Cross-site scripting (XSS) injection into UBB tag attributes in PHPWind
ThinkPHP5	Medium-risk permission acquisition vulnerability caused by cache function design flaws in ThinkPHP 5.0.10-3.2.3 (GetShell)
	High-risk RCE vulnerability in ThinkPHP 5.0
	RCE vulnerability in ThinkPHP 5.1.X (X less than or equal to 30)
	High-risk Request.php RCE vulnerability in versions earlier than ThinkPHP 5.0.24
WordPress	Arbitrary file upload vulnerability in WordPress
	IP address verification vulnerability in WordPress
	WP_Image_Editor_Imagick instruction injection vulnerability in WordPress
	XSS vulnerability in the bbPress plug-in of WordPress
	Mailpress RCE vulnerability in WordPress
	DOS vulnerability caused by arbitrary directory traversal in the backend plug-in update module of WordPress
	SQL injection vulnerability caused by arbitrary user logon to the backend plug-in of WordPress
	Username enumeration vulnerability in versions earlier than WordPress 4.7.1 (CVE-2017-5487)
	SQL injection vulnerability in WordPress
	XSS vulnerability in WordPress
	Content injection vulnerability in WordPress
	RCE vulnerabilities caused by the sitename field in WordPress Mail
	SQL injection vulnerability in the Catalogue plug-in of WordPress
	Arbitrary file deletion vulnerability in WordPress
	Permission acquisition vulnerability caused by multiple defects, such as Author permission path traversal in WordPress (GetShell)

References

How often does Security Center detect vulnerabilities?

What are the differences between baselines and vulnerabilities?

What do I do if I cannot enable the vulnerability detection feature for a server on the Assets page?