edit-icon download-icon

[Vulnerability notice] CNVD-2017-10421: Backend file vulnerability in PHPcms V9.6.3

Last Updated: Apr 08, 2018

On July 31, 2017, CNVD issued a security notice about a PHPcms vulnerability. The vulnerability in the PHP9.6s V9.6.3 backend file allows an attacker to include the single-statement Trojan horse to obtain the administrator privilege for the website server. The vulnerability is risky.

See the following for more information about the vulnerability.


CNVD identifier

CNVD-2017-10421

Vulnerability name

PHPcms V9.6.3 backend file vulnerability

Vulnerability rating

High

Vulnerability description

The PHP9.6s V9.6.3 backend file has a file include vulnerability. This vulnerability allows an attacker to include the single-statement Trojan horse to obtain the administrator privilege for the website server.

Condition and method of exploitation

Remote exploitation

Affected scope

PHPcms V9.6.3

Vulnerability detection

Check whether the PHPcms version is 9.6.3.

How to fix or mitigate

Upgrade PHPcms to the latest official release.

Thank you! We've received your feedback.