On April 10, 2017, a high-risk SQL injection vulnerability in PHPCMS was disclosed. The vulnerability allows an attacker to launch remote SQL injection attacks, which results in data leakage. A PoC for the vulnerability has been published, so the risk is extremely high.
See the following for more information about the vulnerability.
PHPCMS SQL injection vulnerability
By submitting simple, maliciously constructed parameters, an attacker can use tools to launch remote injection attacks and obtain the website's database data.
Condition and method of exploitation
How to fix or mitigate
Upgrade to the PHPCMS official release 9.6.1 or later to fix the vulnerability.
Use Alibaba Cloud Security WAF for defense.