On April 10, 2017, a high-risk vulnerability was detected in PHPCMS. The vulnerability allows an attacker to upload arbitrary files directly through the front page and thereby obtain website administrator privileges. A PoC for the vulnerability has been made public, so the risk is extremely high.
See the following for more information about the vulnerability.
PHPCMS front-page arbitrary file upload vulnerability
By submitting simple, maliciously constructed parameters, an attacker can use tools to upload arbitrary files directly and obtain website administrator privileges.
Condition and method of exploitation
How to fix or mitigate
Upgrade to the PHPCMS official release 9.6.1 or later to fix the vulnerability.
Use Alibaba Cloud Security WAF for defense.