Vulnerabilities > CVE-2020-28145 - Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
wuzhicms
CWE-668

Summary

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Vulnerable Configurations

Part Description Count
Application
Wuzhicms
1

Common Weakness Enumeration (CWE)