"Zhimeng" CMS high-risk SQL injection vulnerability
"Zhimeng" CMS, also known as the "Dede Content Management System", is website construction software developed by Shanghai Zhuo Network Technology Co., Ltd. and widely used in China. On September 6, February 25, 2014, the software was revealed to have a high-risk vulnerability: because page parameters were not strictly filtered, the software is vulnerable to SQL injection. The affected CMS versions include v5.7 SP1 and earlier versions. By February 28, attack code and related exploitation tools for this vulnerability had been publicly spread over the Internet. Attackers can exploit the vulnerability to directly obtain website database information and website backend management permissions, and can then gain further control over the website's services. According to monitoring by the National Internet Emergency Center, attacks against this vulnerability have recently shown a large-scale outbreak trend, posing a serious threat to website operational security and to the security of users' personal information. Vulnerability reporting and handling are being intensified.
Vulnerability prevention and handling suggestions
The software vendor has released patches for this vulnerability. We recommend that you download the patch from the vendor's official website and upgrade promptly, and that you restrict access to the website management backend by IP address. If the website server has already been infiltrated, we recommend that you thoroughly clean it up: remove suspicious files, accounts, and backdoor programs, upgrade DedeCMS, and change the management backend account and password.