ECshop is an independent B2C online shop system for businesses and individuals to quickly build personalized online stores. The system is based on PHP + MySQL and is developed as a cross-platform open source program.
ECshop does not strictly filter some request parameters. An attacker can craft a malicious request to carry out SQL injection against the website, and from there steal website data or even break into the server.
Affected versions: all versions of ECshop
If your website has ECshop test data installed, immediately delete the two default backend accounts ( bjgonghuo1) in the test data.
Alibaba Cloud Security Web Application Firewall can intercept attack code targeting this vulnerability.
Stay tuned for the latest patches to be released on the ECshop official website.