Vulnerabilities > Wuzhi CMS Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-05 | CVE-2018-18939 | Cross-site Scripting vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 An issue was discovered in WUZHI CMS 4.1.0. | 3.5 |
| 2018-10-01 | CVE-2018-17852 | SQL Injection vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | 7.5 |
| 2018-09-02 | CVE-2018-16350 | Cross-site Scripting vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | 4.3 |
| 2018-09-02 | CVE-2018-16349 | Cross-site Scripting vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | 4.3 |
| 2018-08-27 | CVE-2018-15894 | SQL Injection vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | 7.5 |
| 2018-08-27 | CVE-2018-15893 | SQL Injection vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | 7.5 |
| 2018-07-23 | CVE-2018-14515 | SQL Injection vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | 7.5 |
| 2018-07-23 | CVE-2018-14513 | Cross-site Scripting vulnerability in Wuzhi CMS Project Wuzhi CMS 4.1.0 An XSS vulnerability was discovered in WUZHI CMS 4.1.0. | 4.3 |