Vulnerabilities > Wuzhicms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-16 | CVE-2021-41654 | SQL Injection vulnerability in Wuzhicms 4.1.0 SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | 9.8 |
2022-05-04 | CVE-2022-27431 | SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | 9.8 |
2021-12-21 | CVE-2020-19770 | Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0 A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. | 5.4 |
2021-10-12 | CVE-2020-28145 | Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1 Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | 7.5 |
2021-09-28 | CVE-2020-20122 | SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | 9.8 |
2021-09-28 | CVE-2020-20124 | Code Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | 8.8 |
2021-09-27 | CVE-2020-24930 | Unspecified vulnerability in Wuzhicms 4.1.0 Beijing Wuzhi Internet Technology Co., Ltd. | 8.1 |
2021-09-21 | CVE-2020-19551 | Incorrect Authorization vulnerability in Wuzhicms Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. | 8.8 |
2021-09-21 | CVE-2020-19553 | Cross-site Scripting vulnerability in Wuzhicms Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | 5.4 |
2021-09-20 | CVE-2020-19915 | Cross-site Scripting vulnerability in Wuzhicms 4.1.0 Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | 6.1 |