All Products
Document Center

[Vulnerability notice] SQL injection vulnerability in faq.php in Discuz! 7.2

Last Updated: Nov 08, 2017


Discuz! is an Internet forum software written in PHP, that supports MySQL and PostgreSQL databases. It is the most popular Internet forum program used in China.

The faq.php file in Discuz! 7.2 has a web SQL injection vulnerability, through which hackers can directly generate webshell on your website.

Affected versions

Discuz! 7.2


Upgrade Discuz! to the latest version from the official website as soon as possible.