Vulnerabilities > Wuzhicms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-21	CVE-2020-19770	Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0 A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. network wuzhicms CWE-79	3.5
2021-10-12	CVE-2020-28145	Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1 Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. network low complexity wuzhicms CWE-668	5.0
2021-09-28	CVE-2020-20122	SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. network low complexity wuzhicms CWE-89	7.5
2021-09-28	CVE-2020-20124	Code Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. network low complexity wuzhicms CWE-94	6.5
2021-09-27	CVE-2020-24930	Unspecified vulnerability in Wuzhicms 4.1.0 Beijing Wuzhi Internet Technology Co., Ltd. network low complexity wuzhicms	5.5
2021-09-21	CVE-2020-19551	Incorrect Authorization vulnerability in Wuzhicms Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. network low complexity wuzhicms CWE-863	6.5
2021-09-21	CVE-2020-19553	Cross-site Scripting vulnerability in Wuzhicms Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. network wuzhicms CWE-79	3.5
2021-09-20	CVE-2020-19915	Cross-site Scripting vulnerability in Wuzhicms 4.1.0 Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. network wuzhicms CWE-79	4.3
2021-09-20	CVE-2021-40674	SQL Injection vulnerability in Wuzhicms 4.1.0 An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. network low complexity wuzhicms CWE-89	7.5
2021-09-16	CVE-2021-40669	SQL Injection vulnerability in Wuzhicms 4.1.0 SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. network low complexity wuzhicms CWE-89	7.5

Vulnerabilities > Wuzhicms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wuzhicms"}]}

Vulnerabilities > Wuzhicms