
[Vulnerability notice] Front-page arbitrary file upload vulnerability in PHPCMS

Last Updated: Apr 18, 2018

On April 10, 2017, a high-risk vulnerability was detected in PHPCMS. The vulnerability allows an attacker to upload arbitrary files directly through the front page and thereby obtain website administrator privileges. A PoC for the vulnerability has been made public, which makes the risk extremely high.

See the following for more information about the vulnerability.


CVE identifier

None

Vulnerability name

PHPCMS front-page arbitrary file upload vulnerability

Vulnerability rating

High

Vulnerability description

By submitting simple, maliciously constructed parameters, an attacker can use tools to upload arbitrary files directly and obtain website administrator privileges.

Condition and method of exploitation

Remote exploitation

Affected scope

PHPCMS 9.6.0

How to fix or mitigate

  • Upgrade to the PHPCMS official release 9.6.1 or later to fix the vulnerability.

  • Use Alibaba Cloud Security WAF for defense.
