Wuzhicms
by WuzhiCMS
Source repositories
CVEs (64)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52064 | Cri | 0.64 | 9.8 | 0.01 | Jan 10, 2024 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. | ||
| CVE-2023-46482 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2023 | SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. | ||
| CVE-2020-20413 | Cri | 0.64 | 9.8 | 0.01 | Jun 20, 2023 | SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | ||
| CVE-2021-41654 | Cri | 0.64 | 9.8 | 0.01 | Jun 16, 2022 | SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | ||
| CVE-2022-27431 | Cri | 0.64 | 9.8 | 0.01 | May 4, 2022 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | ||
| CVE-2020-20122 | Cri | 0.64 | 9.8 | 0.01 | Sep 28, 2021 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | ||
| CVE-2021-40674 | Cri | 0.64 | 9.8 | 0.01 | Sep 20, 2021 | An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | ||
| CVE-2021-40670 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2021 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file. | ||
| CVE-2021-40669 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2021 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. | ||
| CVE-2018-20572 | Cri | 0.64 | 9.8 | 0.02 | Dec 28, 2018 | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | ||
| CVE-2018-17852 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2018 | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | ||
| CVE-2018-15894 | Cri | 0.64 | 9.8 | 0.02 | Aug 27, 2018 | A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | ||
| CVE-2018-15893 | Cri | 0.64 | 9.8 | 0.02 | Aug 27, 2018 | A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | ||
| CVE-2018-14515 | Cri | 0.64 | 9.8 | 0.02 | Jul 23, 2018 | A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | ||
| CVE-2018-11722 | Cri | 0.64 | 9.8 | 0.02 | Jun 5, 2018 | WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | ||
| CVE-2018-11528 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | ||
| CVE-2018-10312 | Hig | 0.60 | 8.8 | 0.02 | Apr 24, 2018 | index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. | ||
| CVE-2018-9926 | Hig | 0.60 | 8.8 | 0.03 | Apr 10, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. | ||
| CVE-2020-36037 | Hig | 0.57 | 8.8 | 0.01 | Aug 11, 2023 | An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. | ||
| CVE-2020-21325 | Hig | 0.57 | 8.8 | 0.01 | Jun 20, 2023 | An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. |
- risk 0.64cvss 9.8epss 0.01
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
- risk 0.64cvss 9.8epss 0.01
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
- risk 0.64cvss 9.8epss 0.01
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
- risk 0.64cvss 9.8epss 0.01
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
- risk 0.64cvss 9.8epss 0.02
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.
- risk 0.64cvss 9.8epss 0.02
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
- risk 0.64cvss 9.8epss 0.02
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
- risk 0.60cvss 8.8epss 0.02
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
- risk 0.60cvss 8.8epss 0.03
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
- risk 0.57cvss 8.8epss 0.01
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
- risk 0.57cvss 8.8epss 0.01
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
Page 1 of 4