
[Vulnerability notice] Unconditional arbitrary file reading vulnerability in PHPCMS v9.6.1

Last Updated: Apr 18, 2018

The well-known website content management system PHPCMS v9.6.1 has an unconditional arbitrary file reading vulnerability. The vulnerability allows a hacker to read database configuration files, obtain authkey, perform SQL injection, and obtain users’ sensitive information.

See the following for more information about the vulnerability.


CVE identifier

None

Vulnerability name

PHPCMS v9.6.1 unconditional arbitrary file reading vulnerability

Vulnerability rating

High

Vulnerability description

The vulnerability allows a hacker to read database configuration files, obtain authkey, and perform malicious high-risk operations such as SQL injection and obtaining users’ sensitive information.

Condition and method of exploitation

Remote exploitation

Affected scope

PHPCMS v9.6.1

Vulnerability detection

Check whether the affected version, PHPCMS v9.6.1, is in use.

How to fix or mitigate

Upgrade to the official latest version immediately.
