Vulnerabilities > Wuzhicms > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2020-36037 Unspecified vulnerability in Wuzhicms 4.1.0
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
network
low complexity
wuzhicms
8.8
8.8
2023-06-20 CVE-2020-21325 Unrestricted Upload of File with Dangerous Type vulnerability in Wuzhicms 4.1.0
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
network
low complexity
wuzhicms CWE-434
8.8
8.8
2022-06-16 CVE-2021-41654 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
network
low complexity
wuzhicms CWE-89
7.5
7.5
2022-05-04 CVE-2022-27431 SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
network
low complexity
wuzhicms CWE-89
7.5
7.5
2021-09-28 CVE-2020-20122 SQL Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
network
low complexity
wuzhicms CWE-89
7.5
7.5
2021-09-20 CVE-2021-40674 SQL Injection vulnerability in Wuzhicms 4.1.0
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
network
low complexity
wuzhicms CWE-89
7.5
7.5
2021-09-16 CVE-2021-40669 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
network
low complexity
wuzhicms CWE-89
7.5
7.5
2021-09-16 CVE-2021-40670 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
network
low complexity
wuzhicms CWE-89
7.5
7.5
2018-12-28 CVE-2018-20572 SQL Injection vulnerability in Wuzhicms 4.1.0
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
network
low complexity
wuzhicms CWE-89
7.5
7.5
2018-06-05 CVE-2018-11722 SQL Injection vulnerability in Wuzhicms 4.1.0
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
network
low complexity
wuzhicms CWE-89
7.5
7.5