PHPWind is a PHP and MySQL-based forum program, and one of the most commonly used forum programs.
The encryption algorithm of a PHPWind interface is poorly designed and implemented. As a result, the interface signature may be brute-forced. Attackers can exploit this vulnerability to obtain the website's secretkey and use it to break into the website.
Affected versions: PHPWind 9.0 and later
Use Alibaba Cloud Security Web Application Firewall to intercept the attacking code for this vulnerability.
Use Alibaba Cloud Security Server Guard Professional Edition to fix this vulnerability. Server Guard can modify the vulnerable code to eliminate this vulnerability.
Follow PHPWind's official solutions to repair your website code.
Note: To avoid data loss, make a backup before upgrading, or create a hard disk snapshot for ECS.