Vulnerabilities > Wuzhicms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-16	CVE-2021-41654	SQL Injection vulnerability in Wuzhicms 4.1.0 SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php network low complexity wuzhicms CWE-89 critical	9.8
2022-05-04	CVE-2022-27431	SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. network low complexity wuzhicms CWE-89 critical	9.8
2021-12-21	CVE-2020-19770	Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0 A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. network low complexity wuzhicms CWE-79	5.4
2021-10-12	CVE-2020-28145	Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1 Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. network low complexity wuzhicms CWE-668	7.5
2021-09-28	CVE-2020-20122	SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. network low complexity wuzhicms CWE-89 critical	9.8
2021-09-28	CVE-2020-20124	Code Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. network low complexity wuzhicms CWE-94	8.8
2021-09-27	CVE-2020-24930	Unspecified vulnerability in Wuzhicms 4.1.0 Beijing Wuzhi Internet Technology Co., Ltd. network low complexity wuzhicms	8.1
2021-09-21	CVE-2020-19551	Incorrect Authorization vulnerability in Wuzhicms Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. network low complexity wuzhicms CWE-863	8.8
2021-09-21	CVE-2020-19553	Cross-site Scripting vulnerability in Wuzhicms Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. network low complexity wuzhicms CWE-79	5.4
2021-09-20	CVE-2020-19915	Cross-site Scripting vulnerability in Wuzhicms 4.1.0 Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. network low complexity wuzhicms CWE-79	6.1

Vulnerabilities > Wuzhicms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wuzhicms"}]}

Vulnerabilities > Wuzhicms