Web Vulnerability Check
Web Vulnerability Check automatically detects risk points in the Web services and frameworks deployed on your server, providing repair suggestions for the identified issues.
Detection Principle
Detection relies on the Agent client installed on the system, which searches for the corresponding Web configurations, Web environment settings, and specified parameters. Security risk detection is performed locally using the loaded configuration rule files. Each detection item uses its own rules to check for risk characteristics. When a risk rule is triggered, an alert is raised for the risk point together with repair suggestions.
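The local, rule-driven check described above, as an added example that is not the product's agent code or rule format: it walks a web root on disk and reports a few of the detection items from the table below. The rule table, function names and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Hypothetical rules named after detection items in the table; the matching logic is an assumption.
DIR_RULES = {".git": "Unremoved .git Directory", ".svn": "Unremoved .svn Directory",
             ".idea": "Unremoved .idea Directory"}
PHPINFO_CALL = re.compile(rb"\bphpinfo\s*\(")

def classify_file(path):
    """Return the detection item a file triggers, or None."""
    name = os.path.basename(path).lower()
    if name == ".ds_store":
        return "Unremoved .DS_Store File"
    if name.endswith(".php"):
        try:
            with open(path, "rb") as fh:
                if PHPINFO_CALL.search(fh.read(65536)):
                    return "phpinfo Disclosure"
        except OSError:
            pass  # unreadable file: skip it rather than abort the scan

def scan_webroot(root):
    """Walk a web root on local disk; return sorted (item, relative_path) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in [d for d in dirnames if d.lower() in DIR_RULES]:
            findings.append((DIR_RULES[d.lower()], os.path.relpath(os.path.join(dirpath, d), root)))
            dirnames.remove(d)  # report the directory once and do not descend into it
        for f in filenames:
            path = os.path.join(dirpath, f)
            if (item := classify_file(path)):
                findings.append((item, os.path.relpath(path, root)))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree so the example runs offline."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, ".git", "objects"))
    os.makedirs(os.path.join(root, "app", ".idea"))
    samples = {"index.php": b"<?php echo 'ok';", ".DS_Store": b"\x00",
               os.path.join("app", "info.php"): b"<?php phpinfo(); ?>"}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for item, rel in scan_webroot(build_sample_webroot()):
        print(f"{item}: {rel}")
```

Because every check reads only the local filesystem, a finding here means the artifact exists on disk, not that it is reachable over HTTP; confirm the web server's deny rules separately.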
Detection Cycle
- The plugin scans immediately on startup or restart and, by default, every 12 hours.
- After a risk is remediated, it is checked again within 12 hours. If the risk is found to be fixed, the alert is automatically deleted.
Detection Items
Category | Detection Item | Description | Corresponding Version |
---|---|---|---|
Web | Web-CMS Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | WordPress SQL Injection Vulnerability and Privilege Escalation Vulnerability (CVE-2015-2213) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Discuz 5.x 6.x 7.x Front-end SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Discuz 7.2 SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Tomcat Admin Backend | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Unremoved .git Directory | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | WordPress SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Unremoved .svn Directory | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | phpMyAdmin Login Bypass | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | ThinkPHP 3.0-3.1 Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | FineCMS Remote Arbitrary PHP Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | phpCMS v9.6.0 Version SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Dedecms SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Joomla 3.x SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Metinfo 5.3.1 Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | EmpireCMS SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Seacms Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | FineCMS File Upload Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | FineCMS SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Beescms SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | SquirrelMail Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | HDWiki SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Destoon General SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Drupal Core 8.4.x Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Drupal Core 8.5.x Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Drupal Core 7.x Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | PHPMailer Remote Code Execution | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Zabbix SQL Injection Vulnerability (CVE-2013-5743) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Cacti Arbitrary Command Execution Vulnerability (CVE-2014-2709) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Yii SQL Injection Vulnerability (CNNVD-201803-755) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | CodeIgniter Remote PHP Code Injection Vulnerability (CVE-2014-8684) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | phpinfo Disclosure | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | phpCMS 9.3.1 File Upload Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Discuz x3.2 Front-end GET SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Struts2-057 2.5.x Remote Code Execution Vulnerability (CVE-2018-11776) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Struts2-057 2.3.x Remote Code Execution Vulnerability (CVE-2018-11776) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | JeeCMS V2.4.2 ArtiSearch.do Remote Command Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Website Installation Files Not Deleted | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | ECSHOP 2.7.3 Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | ECSHOP 3.x Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | ECSHOP 2.7.2 SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | ThinkPHP 5.0.x-5.0.23 Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | FastAdmin Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Unremoved .DS_Store File | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Unremoved .idea Directory | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Drupal SA-CORE-2019-003 Remote Command Execution | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Nexus Repository Manager 3 Remote Code Execution Vulnerability (CVE-2019-7238) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Confluence Unauthorized RCE (CVE-2019-3396) Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Jenkins Deserialization Remote Code Execution Vulnerability (CVE-2015-8103) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Jenkins Deserialization Remote Code Execution Vulnerability (CVE-2017-1000353) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Piwik Superuser Plugin Upload Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Piwik Remote Code Execution Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Piwik 2.16.0 Object Injection | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Struts2-048 Remote Code Execution Vulnerability (CVE-2017-9791) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Struts2-053 Remote Code Execution Vulnerability (CVE-2017-12611) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | WordPress Arbitrary File Upload Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | PHPMailer Remote Code Execution Vulnerability (CVE-2016-10033) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Jenkins Remote Code Execution Vulnerability (CVE-2019-1003000) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | phpMyAdmin Arbitrary File Inclusion / Remote Code Execution Vulnerability (CVE-2018-19968) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | WebLogic Server Deserialization Vulnerability (CVE-2019-2725) | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | Database File Disclosure | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | ThinkPHP 3.2.3 SQL Injection Vulnerability | Please follow up on the latest vulnerability alerts and patches | V3.0 |
Web | PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) | Please follow up on the latest vulnerability alerts and patches | V3.0 |