Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wuzhicms wuzhicms 4.1.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-40674
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
Wuzhicms Wuzhicms 4.1.0
5.4
CVSSv3
CVE-2018-10221
An issue exists in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the admi...
Wuzhicms Wuzhicms 4.1.0
6.1
CVSSv3
CVE-2019-9108
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
Wuzhicms Wuzhicms 4.1.0
8.8
CVSSv3
CVE-2020-21325
An issue in WUZHI CMS v.4.1.0 allows a remote malicious user to execute arbitrary code via the set_chache method of the function\common.func.php file.
Wuzhicms Wuzhicms 4.1.0
4.3
CVSSv3
CVE-2020-21590
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows malicious users to list files in arbitrary directories via the dir parameter.
Wuzhicms Wuzhicms 4.1.0
8.8
CVSSv3
CVE-2020-36037
An issue was disocvered in wuzhicms version 4.1.0, allows remote malicious users to execte arbitrary code via the setting parameter to the ueditor in index.php.
Wuzhicms Wuzhicms 4.1.0
7.5
CVSSv3
CVE-2020-18877
SQL Injection in Wuzhi CMS v4.1.0 allows remote malicious users to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
Wuzhicms Wuzhicms 4.1.0
7.2
CVSSv3
CVE-2018-14472
An issue exists in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2018-11722
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
Wuzhicms Wuzhicms 4.1.0
8.1
CVSSv3
CVE-2020-24930
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.
Wuzhicms Wuzhicms 4.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »