All Products
Document Center

[Vulnerability notice] Protection bypass vulnerability in global variable in Discuz! 6.x/7.x

Last Updated: May 07, 2018


Discuz! is an Internet forum software written in PHP, which supports MySQL and PostgreSQL databases. It is the most popular Internet forum program used in China.

However, the GLOBALS variable of Discuz! can be overwritten. As a result, hackers can run commands directly on the page under specific conditions, exposing the website to intrusion risks.

Affected versions

Discuz! 6.x/7.x


Since Discuz! 6.x/7.x are no longer officially maintained, we recommend that you upgrade your Discuz! to the latest version with an immediate effect.