Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wuzhicms wuzhicms 4.1.0 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-30123
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2023-46482
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote malicious user to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
Wuzhicms Wuzhicms 4.1.0
8.8
CVSSv3
CVE-2020-21325
An issue in WUZHI CMS v.4.1.0 allows a remote malicious user to execute arbitrary code via the set_chache method of the function\common.func.php file.
Wuzhicms Wuzhicms 4.1.0
6.1
CVSSv3
CVE-2019-9108
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
Wuzhicms Wuzhicms 4.1.0
9.8
CVSSv3
CVE-2021-40674
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
Wuzhicms Wuzhicms 4.1.0
8.8
CVSSv3
CVE-2020-36037
An issue was disocvered in wuzhicms version 4.1.0, allows remote malicious users to execte arbitrary code via the setting parameter to the ueditor in index.php.
Wuzhicms Wuzhicms 4.1.0
5.4
CVSSv3
CVE-2018-10221
An issue exists in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the admi...
Wuzhicms Wuzhicms 4.1.0
7.5
CVSSv3
CVE-2020-18877
SQL Injection in Wuzhi CMS v4.1.0 allows remote malicious users to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
Wuzhicms Wuzhicms 4.1.0
7.2
CVSSv3
CVE-2018-14472
An issue exists in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
Wuzhicms Wuzhicms 4.1.0
8.8
CVSSv3
CVE-2018-9926
An issue exists in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
Wuzhicms Wuzhicms 4.1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »