A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
The attacker login to the system backstage management page, can attack the server through the PHP one-sentence Trojan horse, obtain the control authority of the server, seriously threaten the security of server assets, and this CMS belongs to the commercial, the influence range is very wide.
exploit
1.When using an administrator's account to entry the backstage web page, users could modify any documents of Document Management in the program of Website Safety,lead to Remote code execution vulnerability. (as shown in illustration)
2. Try to unfold any one of PHP documents, modify it, input a line code of PHP and then save it.
3. Connecting with Cknife, the password is cmd111(as shown in illustration), enabling to getshell directly.