A SQL injection exists in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
wuzhi cms project wuzhi cms 4.1.0