edit-icon download-icon

[Vulnerability notice] Protection bypass vulnerability in global variable in Discuz! 6.x/7.x

Last Updated: May 07, 2018

Description

Discuz! is an Internet forum software written in PHP, which supports MySQL and PostgreSQL databases. It is the most popular Internet forum program used in China.

However, the GLOBALS variable of Discuz! can be overwritten. As a result, hackers can run commands directly on the page under specific conditions, exposing the website to intrusion risks.

Affected versions

Discuz! 6.x/7.x

Fix

Since Discuz! 6.x/7.x are no longer officially maintained, we recommend that you upgrade your Discuz! to the latest version with an immediate effect.

Thank you! We've received your feedback.