A directory traversal vulnerability exists in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:
wuzhicms wuzhicms 4.1.0