CmsEasy is a web content management system built on a PHP + MySQL architecture, and it also serves as a PHP development platform. Early versions of CmsEasy lack complete security filtering, which allows attackers to upload webshell files.
A malicious attacker can exploit the /celive/live/doajaxfileupload.php code of CmsEasy to bypass the file suffix filtering policy, upload malicious files directly, and then gain permissions over the entire website.
Upgrade CmsEasy to the latest version from the CmsEasy official website.