Vulnerabilities > Wuzhicms

DATE CVE VULNERABILITY TITLE RISK
2022-06-16 CVE-2021-41654 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
network
low complexity
wuzhicms CWE-89
critical
9.8
2022-05-04 CVE-2022-27431 SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
network
low complexity
wuzhicms CWE-89
critical
9.8
2021-12-21 CVE-2020-19770 Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.
network
low complexity
wuzhicms CWE-79
5.4
2021-10-12 CVE-2020-28145 Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
network
low complexity
wuzhicms CWE-668
7.5
2021-09-28 CVE-2020-20122 SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
network
low complexity
wuzhicms CWE-89
critical
9.8
2021-09-28 CVE-2020-20124 Code Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
network
low complexity
wuzhicms CWE-94
8.8
2021-09-27 CVE-2020-24930 Unspecified vulnerability in Wuzhicms 4.1.0
Beijing Wuzhi Internet Technology Co., Ltd.
network
low complexity
wuzhicms
8.1
2021-09-21 CVE-2020-19551 Incorrect Authorization vulnerability in Wuzhicms
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
network
low complexity
wuzhicms CWE-863
8.8
2021-09-21 CVE-2020-19553 Cross-site Scripting vulnerability in Wuzhicms
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
network
low complexity
wuzhicms CWE-79
5.4
2021-09-20 CVE-2020-19915 Cross-site Scripting vulnerability in Wuzhicms 4.1.0
Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
network
low complexity
wuzhicms CWE-79
6.1