Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3563 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-25916 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | N/A | 5.4 MEDIUM |
| wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | |||||
| CVE-2023-30123 | 1 Wuzhicms | 1 Wuzhicms | 2025-01-30 | N/A | 5.4 MEDIUM |
| wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | |||||
| CVE-2020-20413 | 1 Wuzhicms | 1 Wuzhicms | 2024-12-10 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | |||||
| CVE-2020-21325 | 1 Wuzhicms | 1 Wuzhicms | 2024-12-09 | N/A | 8.8 HIGH |
| An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. | |||||
| CVE-2023-46482 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. | |||||
| CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 2.7 LOW |
| A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | |||||
| CVE-2021-41654 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | |||||
| CVE-2021-40674 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | |||||
| CVE-2021-40670 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file. | |||||
| CVE-2021-40669 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. | |||||
| CVE-2020-36037 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. | |||||
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | |||||
| CVE-2020-24930 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files. | |||||
| CVE-2020-21590 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. | |||||
| CVE-2020-19915 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | |||||
| CVE-2020-19553 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | |||||
| CVE-2020-19551 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. | |||||
| CVE-2020-18877 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. | |||||
| CVE-2020-18654 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php". | |||||