edit-icon download-icon

[Vulnerability notice] Arbitrary code execution vulnerability in Discuz! upgrade/conversion tool

Last Updated: Nov 08, 2017

Description

The Discuz! upgrade/conversion tool is a commonly used plug-in in Discuz!. This tool has a design defect that allows hackers to construct a special request to generate webshell on your website, and then get the administrator access.

Fix

Upgrade the upgrade/conversion tool to the latest version from the Discuz! official website.

Thank you! We've received your feedback.