The user_can() function allows guests to bypass the authentication process (influenced version 1.7~1.8)
ajax.php arbitrary execution vulnerability
This patch is an important security patch, and there has been a large-scale exploit attack, please upgrade to newest release immediately
1.user_can() 函数 游客越过鉴权的问题 (影响范围1.7~1.8) 2.ajax.php 任意执行漏洞 此patch为重要安全漏洞,已出现大范围利用攻击,请务必更新
English Version: