All Products
Document Center

[Vulnerability notice] SQL injection vulnerability in user_reg.php in 74CMS

Last Updated: Oct 31, 2017


74 CMS imposes lax filtering policies for some parameters, that allows attackers to construct a malicious request to launch SQL injection attacks on the website and further steal the website data or break into the server.

Affected versions

All versions of 74 CMS.


  1. Alibaba Cloud Security Web Application Firewall service can intercept the attacking code for this vulnerability.

  2. Apply the latest patches released on the 74 CMS official website.