Vulnerabilities > CVE-2020-28145 - Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wuzhicms

CWE-668

NVD

Published: 2021-10-12

Updated: 2021-10-18

Summary

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Wuzhicms Wuzhicms Wuzhicms 4.0.1	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://github.com/wuzhicms/wuzhicms/issues/191
https://www.cnvd.org.cn/flaw/show/2394661