All Products
Document Center

[Vulnerability notice] Multiple SQL injection vulnerabilities in Micro-engine

Last Updated: Apr 18, 2018

Vulnerability description

Micro-engine V0.7 does not strictly filter certain parameters. As a result, an attacker can construct malicious requests and start SQL injection attacks against the website to steal website data or further intrude into the server.

Affected scope

Micro-engine V0.7

How to fix

  • Use Alibaba Cloud Security WAF to intercept the attack code of this vulnerability.

  • Pay attention to the latest patch released on the Micro-engine website.