Vulnerabilities > Wuzhicms

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-10	CVE-2023-52064	SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. network low complexity wuzhicms CWE-89 critical	9.8
2023-11-01	CVE-2023-46482	SQL Injection vulnerability in Wuzhicms 4.1.0 SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. network low complexity wuzhicms CWE-89 critical	9.8
2023-08-11	CVE-2020-36037	Unspecified vulnerability in Wuzhicms 4.1.0 An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. network low complexity wuzhicms	8.8
2023-06-20	CVE-2020-20413	SQL Injection vulnerability in Wuzhicms 4.1.0 SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. network low complexity wuzhicms CWE-89 critical	9.8
2023-06-20	CVE-2020-21325	Unrestricted Upload of File with Dangerous Type vulnerability in Wuzhicms 4.1.0 An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. network low complexity wuzhicms CWE-434	8.8
2023-05-23	CVE-2023-31860	Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 3.1.2 Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. network low complexity wuzhicms CWE-79	5.4
2023-04-28	CVE-2023-30123	Cross-site Scripting vulnerability in Wuzhicms 4.1.0 wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. network low complexity wuzhicms CWE-79	5.4
2022-06-28	CVE-2020-19897	Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0 A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. network wuzhicms CWE-79	4.3
2022-06-16	CVE-2021-41654	SQL Injection vulnerability in Wuzhicms 4.1.0 SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php network low complexity wuzhicms CWE-89	7.5
2022-05-04	CVE-2022-27431	SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. network low complexity wuzhicms CWE-89	7.5

Vulnerabilities > Wuzhicms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wuzhicms"}]}

Vulnerabilities > Wuzhicms