
[Vulnerability notice] SQL injection vulnerability in DedeCMS resulting from cookie leaks

Last Updated: Nov 08, 2017


DedeCMS is a simple and useful open source PHP website management system. DedeCMS uses the mchStrCode function to prevent data tampering. However, the key in this function can be cracked.

Attackers can exploit this vulnerability to construct malicious requests to launch web SQL injection attacks on the website, and then steal the website data or further break into the server.


Alibaba Cloud Security Server Guard Professional Edition can fix this vulnerability in a few simple steps. Server Guard modifies the vulnerable code to completely eliminate the vulnerability.

For more information, see Fix Web-CMS vulnerabilities.
