edit-icon download-icon

[Vulnerability notice] Code injection vulnerability caused by Discuz! uc_key leakage

Last Updated: Apr 18, 2018

Vulnerability description

In Discuz!, uc_key is the key for communication between the UC client and the server. The /api/uc.php file in Discuz! has a code writing vulnerability, through which hackers can write malicious code to get uc_key and enter the website backend, causing data leakage.

How to fix

Upgrade Discuz-uc to the latest version.

Thank you! We've received your feedback.