Easy Enterprise CMS (yiqicms) is a well-known domestic marketing-oriented enterprise site-building system developed on PHP+MySQL. It is free and open source and is considered SEO-friendly. Recently, Alibaba's patch monitoring platform, Diviner, detected that yiqicms can be exploited for a Getshell (remote web shell) vulnerability under particular conditions.
The vulnerability affects yiqicms version 1.8 and below; in certain web environments it can be triggered to obtain a shell on the server.
The vulnerable installer code (install.php) is essentially the following:

<?php
error_reporting(E_ALL ^ E_NOTICE);
$step = $_GET["step"];
$action = $_POST["action"];
if ($action == "save") { // no install.lock-style check guards this branch, so the installer can be re-entered and the site reinstalled by anyone
    $dbhost = $_POST["dbhost"];
    $dbname = $_POST["dbname"];
    $dbuser = $_POST["dbuser"];
    $dbpass = $_POST["dbpass"];
    $dbprefix = $_POST["dbprefix"];
    $adminuser = $_POST["username"];
    $adminpass = $_POST["userpass"];
    // .... several lines omitted
    // each value is interpolated into PHP source inside double quotes; the remaining settings are appended the same way
    $configsource = "<?php \n\$cfg_db_host = \"$dbhost\";\n\n";
}

Two defects combine here. First, the installer never checks for an install.lock (or equivalent) marker, so the installation flow can be re-run after deployment. Second, $dbhost and the other settings are written into $configsource wrapped in double quotes with no escaping, so a crafted database password or database name carries attacker-controlled data straight into the generated config file, which is PHP source that the application later includes.
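As an added example (not yiqicms's own code), the installer below shows the two fixes a maintainer would apply: refuse to run once an install.lock marker exists, and emit every setting with var_export() instead of string interpolation so that user input becomes a properly escaped PHP literal. The constants, function names and the config.php path are assumptions for this example.

```php
<?php
// Added example, not yiqicms code. Hardened replacement for the "save" step.

// Assumed lock file: created once installation completes, checked on every request.
define('INSTALL_LOCK', __DIR__ . '/install.lock');

function installerAllowed(): bool
{
    return !file_exists(INSTALL_LOCK);
}

// Build the config file from a whitelist of keys. var_export() returns a
// single-quoted PHP literal with backslashes and quotes escaped, so a value
// such as  ";system('id');//  stays an inert string instead of new code.
function buildConfigSource(array $cfg): string
{
    $allowed = ['db_host', 'db_name', 'db_user', 'db_pass', 'db_prefix'];
    $out = "<?php\n";
    foreach ($allowed as $key) {
        $val = isset($cfg[$key]) ? (string) $cfg[$key] : '';
        $out .= '$cfg_' . $key . ' = ' . var_export($val, true) . ";\n";
    }
    return $out;
}

if (!installerAllowed()) {
    http_response_code(403);
    exit('Already installed. Delete install.lock to run the installer again.');
}

if (($_POST['action'] ?? '') === 'save') {
    $source = buildConfigSource([
        'db_host'   => $_POST['dbhost']   ?? '',
        'db_name'   => $_POST['dbname']   ?? '',
        'db_user'   => $_POST['dbuser']   ?? '',
        'db_pass'   => $_POST['dbpass']   ?? '',
        'db_prefix' => $_POST['dbprefix'] ?? '',
    ]);
    // Write the config atomically-ish and then drop the lock so this branch
    // can never be reached again without an administrator removing the file.
    file_put_contents(__DIR__ . '/config.php', $source, LOCK_EX);
    file_put_contents(INSTALL_LOCK, date('c'), LOCK_EX);
    echo 'Installation complete.';
}
```

Denying web access to the installer directory after deployment (or deleting it outright) is a cheap second layer on top of the lock check.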