
[Vulnerability notice] CmsEasy front-end unrestricted GetShell vulnerability

Last Updated: May 04, 2018

Recently, Chinese security researchers detected a vulnerability in CmsEasy. An attacker can submit a malicious link on the front-end to obtain the website administrator's privileges, resulting in leakage of sensitive data on the website. This vulnerability poses a high security risk.

See the following for more information about the vulnerability.


CVE identifier

None

Vulnerability name

CmsEasy front-end unrestricted GetShell vulnerability

Vulnerability rating

High

Vulnerability description

The vulnerability allows an unauthorized attacker to upload a Webshell file through a specially crafted malicious link. The attacker then gains Webshell access to the CmsEasy system, resulting in leakage of sensitive system data.

Condition and method of exploitation

Remote exploitation

Affected scope

CmsEasy <= 5.6_20160825

How to fix or mitigate

Back up the existing files and data. Download the package upgrade_20161012, decompress it, and upload it to overwrite the CmsEasy installation folder.
