edit-icon download-icon

[Vulnerability notice] Arbitrary file download vulnerability in FengCMS

Last Updated: Apr 18, 2018

Vulnerability description

FengCMS is a compact CMS management system.

In July 2014, it was detected that FengCMS had an arbitrary file download vulnerability, which can be exploited by attackers to obtain information, such as the authentication code and database account and password. The vulnerability file is in /app/controller/downController.php.

How to fix

Upgrade FengCMS to the latest official version.

Thank you! We've received your feedback.