All Products
Document Center

[Vulnerability notice] Backend logon bypassing vulnerability in DuxCms

Last Updated: Nov 09, 2017


DuxCms is a PHP + MySQL based website management system featuring free, open source, and easy to use.

The DuxCms logon page has a web SQL injection vulnerability. Attackers can construct a special account and password to directly log on to the backend.


Upgrade DuxCms to the latest version from DuxCms’s official website.