edit-icon download-icon

[Vulnerability notice] SQL injection vulnerability in faq.php in Discuz! 7.2

Last Updated: Nov 08, 2017

Description

Discuz! is an Internet forum software written in PHP, that supports MySQL and PostgreSQL databases. It is the most popular Internet forum program used in China.

The faq.php file in Discuz! 7.2 has a web SQL injection vulnerability, through which hackers can directly generate webshell on your website.

Affected versions

Discuz! 7.2

Fix

Upgrade Discuz! to the latest version from the official website as soon as possible.

Thank you! We've received your feedback.