An issue exists in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wuzhicms wuzhicms 4.1.0 |