An issue was disocvered in wuzhicms version 4.1.0, allows remote malicious users to execte arbitrary code via the setting parameter to the ueditor in index.php.
wuzhicms wuzhicms 4.1.0