The well-known website content management system PHPCMS v9.6.1 has an unconditional arbitrary file reading vulnerability. The vulnerability allows a hacker to read database configuration files, obtain authkey, perform SQL injection, and obtain users’ sensitive information.
See the following for more information about the vulnerability.
PHPCMS v9.6.1 unconditional arbitrary file reading vulnerability
The vulnerability allows a hacker to read database configuration files, obtain authkey, and perform malicious high-risk operations such as SQL injection and obtaining users’ sensitive information.
Condition and method of exploitation
Check whether any affected version of Apache Hadoop is used.
How to fix or mitigate
Upgrade to the official latest version immediately.