Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wuzhicms wuzhicms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-10221
An issue exists in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the admi...
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2020-20413
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote malicious user to execute arbitrary code via the checktitle() function in admin/content.php.
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2021-40670
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2018-11722
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
Wuzhicms Wuzhicms 4.1.0
6.1
CVSSv3
CVE-2020-18654
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote malicious users to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
Wuzhicms Wuzhicms 4.1.0
8.1
CVSSv3
CVE-2020-24930
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.
Wuzhicms Wuzhicms 4.1.0
8.8
CVSSv3
CVE-2020-36037
An issue was disocvered in wuzhicms version 4.1.0, allows remote malicious users to execte arbitrary code via the setting parameter to the ueditor in index.php.
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2023-46482
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote malicious user to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
Wuzhicms Wuzhicms 4.1.0
7.5
CVSSv3
CVE-2020-28145
Arbitrary file deletion vulnerability exists in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows malicious users to access sensitive information.
Wuzhicms Wuzhicms 4.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »