Note: If the affected URL contains /favicon.ico/a.php, see FastCGI analysis vulnerability.
A code execution vulnerability is a critical vulnerability in which the application does not apply security filtering to parameters that are passed into commands. As a result, malicious attackers can control the final command that is executed, and then break into the system and cause serious damage.
Attackers can exploit this vulnerability to execute arbitrary code.
Strictly control program parameters, especially for “&”, “&&”, “|”, “||”, “eval”, and “execute” in parameter values.
Remove direct command execution functions such as “system” from the code, or prohibit passing externally supplied parameter values to functions of this type.
If you are using a third-party program, upgrade it to the latest version.
Use an open source vulnerability repair plugin.
Note: This solution requires that the website administrators have programming skills and are capable of modifying server code.
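The first two fixes above (strict parameter control, and no external values reaching “system”-style functions) can be combined as in the following added example, which is not code from the original page. It assumes a hypothetical application that passes one user-supplied hostname to a helper program; the names `validate_hostname`, `build_argv` and `run_helper` are illustrative, and the Python interpreter stands in for the helper so the block runs offline.

```python
import re
import subprocess
import sys

# Pattern to remove (per the fix above): a shell parses the whole string, so
# "&", "&&", "|" or "||" inside `host` would start additional commands.
#     os.system("helper " + host)

# Allowlist instead of blocklist: accept only what a hostname can contain.
# The first character must be alphanumeric, so a value such as "-v" cannot be
# mistaken for an option by the helper program.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def validate_hostname(value):
    """Return value unchanged if it is a plain hostname, else raise ValueError."""
    # fullmatch() also rejects a trailing newline, which "$" would let through.
    if not isinstance(value, str) or not HOSTNAME_RE.fullmatch(value):
        raise ValueError("rejected parameter")
    return value


def build_argv(host):
    """Build an argument vector; the validated value is exactly one element."""
    # Assumption: the helper is a stand-in that echoes its first argument.
    helper = [sys.executable, "-c", "import sys; print(sys.argv[1])"]
    return helper + [validate_hostname(host)]


def run_helper(host):
    """Run the helper without a shell, so no metacharacter is ever interpreted."""
    result = subprocess.run(
        build_argv(host),
        shell=False,          # argv is passed to the program as-is
        capture_output=True,
        text=True,
        timeout=10,
        check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    print(run_helper("example.com"))
    for sample in ["example.com && echo x", "example.com | echo x"]:  # constructed
        try:
            run_helper(sample)
        except ValueError as exc:
            print(repr(sample), "->", exc)
```

Validation and shell-free execution are independent layers: the allowlist rejects unexpected input early, and the argument vector ensures that a value which does get through is still treated as data.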