edit-icon download-icon

[Vulnerability notice] Backend logon bypassing vulnerability in DuxCms

Last Updated: Nov 09, 2017

Description

DuxCms is a PHP + MySQL based website management system featuring free, open source, and easy to use.

The DuxCms logon page has a web SQL injection vulnerability. Attackers can construct a special account and password to directly log on to the backend.

Fix

Upgrade DuxCms to the latest version from DuxCms’s official website.

Thank you! We've received your feedback.