Vulnerabilities > Wuzhicms > Wuzhicms

DATE CVE VULNERABILITY TITLE RISK
2023-11-01 CVE-2023-46482 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
network
low complexity
wuzhicms CWE-89
critical
9.8
2023-08-11 CVE-2020-36037 Unspecified vulnerability in Wuzhicms 4.1.0
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
network
low complexity
wuzhicms
8.8
2023-06-20 CVE-2020-20413 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
network
low complexity
wuzhicms CWE-89
critical
9.8
2023-06-20 CVE-2020-21325 Unrestricted Upload of File with Dangerous Type vulnerability in Wuzhicms 4.1.0
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
network
low complexity
wuzhicms CWE-434
8.8
2023-04-28 CVE-2023-30123 Cross-site Scripting vulnerability in Wuzhicms 4.1.0
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
network
low complexity
wuzhicms CWE-79
5.4
2022-06-16 CVE-2021-41654 SQL Injection vulnerability in Wuzhicms 4.1.0
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
network
low complexity
wuzhicms CWE-89
7.5
2021-10-12 CVE-2020-28145 Exposure of Resource to Wrong Sphere vulnerability in Wuzhicms 4.0.1
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
network
low complexity
wuzhicms CWE-668
5.0
2021-09-27 CVE-2020-24930 Unspecified vulnerability in Wuzhicms 4.1.0
Beijing Wuzhi Internet Technology Co., Ltd.
network
low complexity
wuzhicms
5.5
2021-09-21 CVE-2020-19551 Incorrect Authorization vulnerability in Wuzhicms
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
network
low complexity
wuzhicms CWE-863
6.5
2021-09-21 CVE-2020-19553 Cross-site Scripting vulnerability in Wuzhicms
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
network
wuzhicms CWE-79
3.5