Skip to Content

Web Vulnerability Check

Web Vulnerability Check automatically detects risk points in the Web services and frameworks deployed on your server, providing repair suggestions for the identified issues.

Detection Principle

The detection mechanism works by deploying the installed Agent client on the system, searching for corresponding Web configurations, Web environment settings, and specified parameters. Using loaded configuration rule files, security risk detection is performed locally. Different detection items adopt different rules to check for risk characteristics. When a risk rule is triggered, it alerts the risk point and provides repair suggestions.

Detection Cycle

  • The plugin will scan immediately upon startup or restart, and by default, scans every 12 hours.
  • After cleaning the risk, the risk will be checked again within 12 hours. If the risk is found to be fixed, the alert will be automatically deleted.

Detection Items

CategoryDetection ItemDescriptionCorresponding Version
WebWeb-CMS VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebWordpress SQL Injection Vulnerability and Privilege Escalation Vulnerability (CVE-2015-2213)Please follow up on the latest vulnerability alerts and patchesV3.0
WebDiscuz 5.x 6.x 7.x Front-end SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDiscuz 7.2 SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebTomcat Admin BackendPlease follow up on the latest vulnerability alerts and patchesV3.0
WebUnremoved .git DirectoryPlease follow up on the latest vulnerability alerts and patchesV3.0
WebWordPress SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebUnremoved .svn DirectoryPlease follow up on the latest vulnerability alerts and patchesV3.0
WebphpMyAdmin Login BypassPlease follow up on the latest vulnerability alerts and patchesV3.0
WebThinkphp 3.0-3.1 Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebFineCMS Remote Arbitrary PHP Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebphpCMS v9.6.0 Version SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDedecms SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebJoomla 3.x SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebMetinfo 5.3.1 Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebEmpireCMS SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebSeacms Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebFineCMS File Upload VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebFineCMS SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebBeescms SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebSquirrelMail Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebHDWiki SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDestoon General SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDrupal Core 8.4.x Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDrupal Core 8.5.x Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDrupal Core 7.x Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebPHPMailer Remote Code ExecutionPlease follow up on the latest vulnerability alerts and patchesV3.0
WebZabbix SQL Injection Vulnerability (CVE-2013-5743)Please follow up on the latest vulnerability alerts and patchesV3.0
WebCacti Arbitrary Command Execution Vulnerability (CVE-2014-2709)Please follow up on the latest vulnerability alerts and patchesV3.0
WebYii SQL Injection Vulnerability (CNNVD-201803-755)Please follow up on the latest vulnerability alerts and patchesV3.0
WebCodeIgniter Remote PHP Code Injection Vulnerability (CVE-2014-8684)Please follow up on the latest vulnerability alerts and patchesV3.0
Webphpinfo DisclosurePlease follow up on the latest vulnerability alerts and patchesV3.0
WebphpCMS 9.3.1 File Upload VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDiscuz x3.2 Front-end GET SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebStruts2-057 2.5.x Remote Code Execution Vulnerability (CVE-2018-11776)Please follow up on the latest vulnerability alerts and patchesV3.0
WebStruts2-057 2.3.x Remote Code Execution Vulnerability (CVE-2018-11776)Please follow up on the latest vulnerability alerts and patchesV3.0
WebJeeCMS V2.4.2 ArtiSearch.do Remote Command Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebWebsite Installation Files Not DeletedPlease follow up on the latest vulnerability alerts and patchesV3.0
WebECSHOP 2.7.3 Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebECSHOP 3.x Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebECSHOP 2.7.2 SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebThinkphp 5.0.x-5.0.23 Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebFastAdmin Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebUnremoved .ds_store FilePlease follow up on the latest vulnerability alerts and patchesV3.0
WebUnremoved .idea DirectoryPlease follow up on the latest vulnerability alerts and patchesV3.0
WebDrupal SA-CORE-2019-003 Remote Command ExecutionPlease follow up on the latest vulnerability alerts and patchesV3.0
WebNexus Repository Manager 3 Remote Code Execution Vulnerability (CVE-2019-7238)Please follow up on the latest vulnerability alerts and patchesV3.0
WebConfluence Unauthorized RCE (CVE-2019-3396) VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebJenkins Deserialization Remote Code Execution Vulnerability (CVE-2015-8103)Please follow up on the latest vulnerability alerts and patchesV3.0
WebJenkins Deserialization Remote Code Execution Vulnerability (CVE-2017-1000353)Please follow up on the latest vulnerability alerts and patchesV3.0
WebPiwik Superuser Plugin Upload VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebPiwik Remote Code Execution VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebPiwik 2.16.0 Object InjectionPlease follow up on the latest vulnerability alerts and patchesV3.0
WebStruts2-048 Remote Code Execution Vulnerability (CVE-2017-9791)Please follow up on the latest vulnerability alerts and patchesV3.0
WebStruts2-053 Remote Code Execution Vulnerability (CVE-2017-12611)Please follow up on the latest vulnerability alerts and patchesV3.0
WebWordPress Arbitrary File Upload VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebPHPMailer Remote Code Execution Vulnerability (CVE-2016-10033)Please follow up on the latest vulnerability alerts and patchesV3.0
WebJenkins Remote Code Execution Vulnerability (CVE-2019-1003000)Please follow up on the latest vulnerability alerts and patchesV3.0
WebphpMyAdmin Arbitrary File Inclusion / Remote Code Execution Vulnerability (CVE-2018-19968)Please follow up on the latest vulnerability alerts and patchesV3.0
WebWebLogic Server Deserialization Vulnerability (CVE-2019-2725)Please follow up on the latest vulnerability alerts and patchesV3.0
WebDatabase File DisclosurePlease follow up on the latest vulnerability alerts and patchesV3.0
WebJenkins Deserialization Remote Code Execution Vulnerability (CVE-2015-8103)Please follow up on the latest vulnerability alerts and patchesV3.0
WebThinkphp 3.2.3 SQL Injection VulnerabilityPlease follow up on the latest vulnerability alerts and patchesV3.0
WebPHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)Please follow up on the latest vulnerability alerts and patchesV3.0