Vulnerabilities > Wuzhicms

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-52064 SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
network
low complexity
wuzhicms CWE-89
critical
9.8
2023-11-01 CVE-2023-46482 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
network
low complexity
wuzhicms CWE-89
critical
9.8
2023-08-11 CVE-2020-36037 Unspecified vulnerability in Wuzhicms 4.1.0
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
network
low complexity
wuzhicms
8.8
2023-06-20 CVE-2020-20413 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
network
low complexity
wuzhicms CWE-89
critical
9.8
2023-06-20 CVE-2020-21325 Unrestricted Upload of File with Dangerous Type vulnerability in Wuzhicms 4.1.0
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
network
low complexity
wuzhicms CWE-434
8.8
2023-05-23 CVE-2023-31860 Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 3.1.2
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.
network
low complexity
wuzhicms CWE-79
5.4
2023-04-28 CVE-2023-30123 Cross-site Scripting vulnerability in Wuzhicms 4.1.0
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
network
low complexity
wuzhicms CWE-79
5.4
2022-06-28 CVE-2020-19897 Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
network
wuzhicms CWE-79
4.3
2022-06-16 CVE-2021-41654 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
network
low complexity
wuzhicms CWE-89
7.5
2022-05-04 CVE-2022-27431 SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
network
low complexity
wuzhicms CWE-89
7.5