On April 10, 2017, a high-risk vulnerability was detected in PHPCMS. The vulnerability allows an attacker to upload arbitrary files directly through the front page and thereby obtain website administrator privileges. A PoC for the vulnerability has been publicly disclosed, which indicates extremely high risk.
See the following for more information about the vulnerability.
CVE identifier: None
Vulnerability name: PHPCMS front-page arbitrary file upload vulnerability
Vulnerability rating: High
Vulnerability description: By submitting simple, maliciously constructed parameters, an attacker can use tools to upload arbitrary files directly and obtain website administrator privileges.
Condition and method of exploitation: Remote exploitation
Affected scope: PHPCMS 9.6.0
How to fix or mitigate:
Upgrade to the official PHPCMS release 9.6.1 or later to fix the vulnerability.
Use Alibaba Cloud Security WAF for defense.