Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wuzhicms wuzhicms 4.1.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
Wuzhicms Wuzhicms 4.1.0
3.5
CVSSv2
CVE-2018-18938
An issue exists in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
Wuzhicms Wuzhi Cms 4.1.0
6.8
CVSSv2
CVE-2018-18711
An issue exists in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.
Wuzhicms Wuzhi Cms 4.1.0
6.8
CVSSv2
CVE-2018-18712
An issue exists in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.
Wuzhicms Wuzhi Cms 4.1.0
4.3
CVSSv2
CVE-2018-14512
An XSS vulnerability exists in WUZHI CMS 4.1.0. There is persistent XSS that allows remote malicious users to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "syste...
Wuzhicms Wuzhi Cms 4.1.0
6.5
CVSSv2
CVE-2018-14472
An issue exists in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
Wuzhicms Wuzhicms 4.1.0
7.5
CVSSv2
CVE-2018-11722
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
Wuzhicms Wuzhicms 4.1.0
3.5
CVSSv2
CVE-2018-11549
An issue exists in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
Wuzhicms Wuzhi Cms 4.1.0
7.5
CVSSv2
CVE-2018-11528
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
Wuzhicms Wuzhi Cms 4.1.0
6.8
CVSSv2
CVE-2018-11493
An issue exists in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
Wuzhicms Wuzhi Cms 4.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »