
[Vulnerability notice] File upload vulnerability in CmsEasy

Last Updated: Nov 08, 2017

Description

CmsEasy is a web content management system built on a PHP + MySQL architecture, and it also serves as a PHP development platform. Early versions of CmsEasy lack complete security filtering, which allows attackers to upload webshell files.

An attacker can exploit the /celive/live/doajaxfileupload.php code in CmsEasy to bypass the file suffix filtering policy, upload malicious files directly, and then obtain permissions over the entire website.

Fix

Upgrade CmsEasy to the latest version from the CmsEasy official website.
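
A log triage check for the endpoint named in the description, added here as an example (it is not part of the original notice or of CmsEasy). It assumes an access log in common/combined log format; the sample lines and the function names are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the notice.
UPLOAD_ENDPOINT = "/celive/live/doajaxfileupload.php"

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Nov/2017:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Nov/2017:10:02:13 +0000] "POST /celive/live/doajaxfileupload.php HTTP/1.1" 200 88',
    '198.51.100.7 - - [08/Nov/2017:10:02:20 +0000] "POST /celive//live/DoAjaxFileUpload.php?x=1 HTTP/1.1" 200 88',
    '192.0.2.10 - - [08/Nov/2017:10:03:00 +0000] "GET /celive/live/doajaxfileupload.php HTTP/1.1" 404 0',
    '203.0.113.5 - - [08/Nov/2017:10:05:44 +0000] "POST /celive/live/%64oajaxfileupload.php HTTP/1.1" 403 0',
]

def normalize_path(target):
    """Canonicalise a request target so percent-encoding, letter case,
    doubled slashes, dot segments and query strings do not hide a match."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path)).lower()

def find_upload_hits(lines):
    """Return {client: [(timestamp, status), ...]} for POSTs to the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) == UPLOAD_ENDPOINT:
            hits[m["client"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def accepted_clients(hits):
    """Clients with at least one 2xx response: review these first."""
    return sorted(c for c, rows in hits.items() if any(200 <= s < 300 for _, s in rows))

if __name__ == "__main__":
    hits = find_upload_hits(SAMPLE_LOG)
    for client, rows in hits.items():
        print(client, rows)
    print("2xx responses:", accepted_clients(hits))
```

A 2xx response shows only that the server accepted the request, so follow up by reviewing the files written to the site around each listed timestamp.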
