Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wuzhicms wuzhicms 4.1.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-11528
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
Wuzhicms Wuzhi Cms 4.1.0
5.4
CVSSv3
CVE-2018-11549
An issue exists in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
Wuzhicms Wuzhi Cms 4.1.0
9.8
CVSSv3
CVE-2020-20122
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
Wuzhicms Wuzhi Cms 4.1.0
6.1
CVSSv3
CVE-2019-9110
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
Wuzhicms Wuzhi Cms 4.1.0
5.4
CVSSv3
CVE-2020-19770
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows malicious users to steal the admin's cookie.
Wuzhicms Wuzhi Cms 4.1.0
6.1
CVSSv3
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote malicious users to execute arbitrary web script or HTML via the imgurl parameter.
Wuzhicms Wuzhi Cms 4.1.0
8.8
CVSSv3
CVE-2020-20124
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
Wuzhicms Wuzhi Cms 4.1.0
8.8
CVSSv3
CVE-2020-19551
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
Wuzhicms Wuzhicms
5.4
CVSSv3
CVE-2020-19553
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
Wuzhicms Wuzhicms
NA
CVE-2024-31008
An issue exists in WUZHICMS version 4.1.0, allows an malicious user to execute arbitrary code and obtain sensitive information via the index.php file.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5