On September 29, 2017, a high-risk vulnerability in the Discuz! forum system was disclosed. An attacker who logs on to the front end can delete an arbitrary file. Websites using Discuz! are at high security risk.
See the following for more information about the vulnerability.
Arbitrary file deletion vulnerability on the Discuz! front-end
A malicious attacker can submit a specially crafted set of packets to user profile editing fields in Discuz!, resulting in deletion of an arbitrary file.
Condition and method of exploitation
The website is built on an affected version of Discuz!.
Discuz! X 2.5-3.4
Check whether any affected version of Discuz! is used.
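One way to run this check across a web root, as an added example that is not part of the original advisory or of Discuz! itself. It assumes each Discuz! X install declares its version in source/discuz_version.php as a DISCUZ_VERSION define; the function names and the sample directory tree are constructed for illustration. A version in range does not show whether spacecp_profile.php has already been updated, so treat "affected" as "needs review".

```python
import re
import tempfile
from pathlib import Path

# Affected range as stated in the advisory: Discuz! X 2.5 through 3.4.
AFFECTED = ((2, 5), (3, 4))
# Assumption: the version is declared as define('DISCUZ_VERSION', 'X3.4');
DEFINE_RE = re.compile(r"define\(\s*['\"]DISCUZ_VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")
NUMERIC_RE = re.compile(r"^X(\d+)(?:\.(\d+))?", re.IGNORECASE)


def classify(php_source):
    """Return (raw_version, status) for the text of a discuz_version.php file."""
    found = DEFINE_RE.search(php_source)
    if not found:
        return None, "unknown"          # no define found: review by hand
    raw = found.group(1).strip()
    num = NUMERIC_RE.match(raw)
    if not num:
        return raw, "unknown"           # not an "X<major>.<minor>" string
    version = (int(num.group(1)), int(num.group(2) or 0))
    in_range = AFFECTED[0] <= version <= AFFECTED[1]
    return raw, "affected" if in_range else "not in range"


def scan(web_root):
    """Find every Discuz! X install under web_root and classify its version."""
    results = []
    for path in sorted(Path(web_root).rglob("discuz_version.php")):
        if path.parent.name != "source":   # assumed location inside an install
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        raw, status = classify(text)
        results.append((path.parent.parent.name, raw, status))
    return results


def demo():
    """Run scan() over a constructed directory tree (sample data, not real sites)."""
    samples = {"bbs": "X3.4", "old": "X2.5", "new": "X3.5", "odd": "custom"}
    with tempfile.TemporaryDirectory() as root:
        for name, ver in samples.items():
            src = Path(root, name, "source")
            src.mkdir(parents=True)
            src.joinpath("discuz_version.php").write_text(
                "<?php\ndefine('DISCUZ_VERSION', '%s');\n" % ver)
        return scan(root)


if __name__ == "__main__":
    for install, raw, status in demo():
        print(f"{install}: {raw} -> {status}")
```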
How to fix or mitigate
A version that fixes the vulnerability has not yet been released. However, you can update your spacecp_profile.php file as needed.
Use Alibaba Cloud Security WAF to defend against this vulnerability.