We recently received a notice from Shanghai Kuangchuang Information Technology Co., Ltd. informing us of vulnerabilities in the Application Center client. We are announcing them here.
Please update the "Application Center" plug-in immediately to avoid being affected by these vulnerabilities.
Thanks: secz.org SameleTom (https://github.com/SameleTom)
CVE-2018-6656: This vulnerability is serious. It can be used to delete certain files, leaving your website unable to work properly. However, your website data, including articles, comments, and user passwords, remains secure.
CVE-2018-8893: This vulnerability is extremely serious and may lead to your website being taken over.
Affected scope
Version: Z-BlogPHP installations whose Application Center has not been updated to the latest version as of February 2018
Preconditions for exploitation:
1. The website has the Application Center client enabled
2. You clicked a malicious link constructed by someone else
How to fix
Click "Application Center" on the left, click "Find Application Update", and update the "Application Center" plug-in.
We are very sorry that our negligence has caused a security threat to your website. In the future, we will pay more attention to the security requirements in PHP development.
Vulnerability submission channel
Because of the sensitive nature of security vulnerabilities, we ask that you not publish them through public channels.
You can submit vulnerabilities to us in the following ways:
1. 360 Sky Bug Emergency Response Center: https://butian.360.cn/Loo/submit
2. Alibaba Cloud Shield Prophet Plan: http://xianzhi.aliyun.com/firm/detail.htm?id=27
3. Email: [Base64] Y29udGFjdEByYWluYm93c29mdC5vcmc=