High severity7.5NVD Advisory· Published Aug 20, 2021· Updated Jun 17, 2026
CVE-2020-18877
CVE-2020-18877
Description
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
Affected products
2- Wuzhi CMS/Wuzhi CMSdescription
Patches
Vulnerability mechanics
References
1- github.com/wuzhicms/wuzhicms/issues/175nvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.