Vulnerabilities > Wuzhicms

DATE CVE VULNERABILITY TITLE RISK
2021-10-12 CVE-2020-28145 Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
network
low complexity
wuzhicms CWE-668
5.0
2021-09-28 CVE-2020-20124 Code Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
network
low complexity
wuzhicms CWE-94
6.5
2021-09-28 CVE-2020-20122 SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
network
low complexity
wuzhicms CWE-89
7.5
2021-09-27 CVE-2020-24930 Unspecified vulnerability in Wuzhicms 4.1.0
Beijing Wuzhi Internet Technology Co., Ltd.
network
low complexity
wuzhicms
5.5
2021-09-21 CVE-2020-19553 Cross-site Scripting vulnerability in Wuzhicms
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
network
wuzhicms CWE-79
3.5
2021-09-21 CVE-2020-19551 Incorrect Authorization vulnerability in Wuzhicms
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
network
low complexity
wuzhicms CWE-863
6.5
2021-09-20 CVE-2020-19915 Cross-site Scripting vulnerability in Wuzhicms 4.1.0
Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
network
wuzhicms CWE-79
4.3
2021-09-20 CVE-2021-40674 SQL Injection vulnerability in Wuzhicms 4.1.0
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
network
low complexity
wuzhicms CWE-89
7.5
2021-09-16 CVE-2021-40670 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
network
low complexity
wuzhicms CWE-89
7.5
2021-09-16 CVE-2021-40669 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
network
low complexity
wuzhicms CWE-89
7.5