Vulnerabilities > Wuzhicms > Wuzhicms

DATE CVE VULNERABILITY TITLE RISK
2024-10-30 CVE-2024-10505 Code Injection vulnerability in Wuzhicms 4.1.0
A vulnerability was found in wuzhicms 4.1.0.
network
low complexity
wuzhicms CWE-94
7.2
7.2
2023-11-01 CVE-2023-46482 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
network
low complexity
wuzhicms CWE-89
critical
 9.8
9.8
2023-08-11 CVE-2020-36037 Unspecified vulnerability in Wuzhicms 4.1.0
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
network
low complexity
wuzhicms
8.8
8.8
2023-06-20 CVE-2020-20413 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
network
low complexity
wuzhicms CWE-89
critical
 9.8
9.8
2023-06-20 CVE-2020-21325 Unrestricted Upload of File with Dangerous Type vulnerability in Wuzhicms 4.1.0
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
network
low complexity
wuzhicms CWE-434
8.8
8.8
2023-04-28 CVE-2023-30123 Cross-site Scripting vulnerability in Wuzhicms 4.1.0
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
network
low complexity
wuzhicms CWE-79
5.4
5.4
2022-08-26 CVE-2022-36168 Path Traversal vulnerability in Wuzhicms 4.1.0
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0.
network
low complexity
wuzhicms CWE-22
2.7
2.7
2022-06-16 CVE-2021-41654 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
network
low complexity
wuzhicms CWE-89
critical
 9.8
9.8
2021-10-12 CVE-2020-28145 Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
network
low complexity
wuzhicms CWE-668
7.5
7.5
2021-09-27 CVE-2020-24930 Unspecified vulnerability in Wuzhicms 4.1.0
Beijing Wuzhi Internet Technology Co., Ltd.
network
low complexity
wuzhicms
8.1
8.1