Vulnerability description
In Discuz!, uc_key is the key for communication between the UC client and the server. The /api/uc.php
file in Discuz! has a code writing vulnerability, through which hackers can write malicious code to get uc_key and enter the website backend, causing data leakage.
How to fix
Upgrade Discuz-uc to the latest version.