VYPR

Wuzhicms

by WuzhiCMS

Source repositories

CVEs (64)

  • CVE-2023-52064CriJan 10, 2024
    risk 0.64cvss 9.8epss 0.01

    Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.

  • CVE-2023-46482CriNov 1, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.

  • CVE-2020-20413CriJun 20, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.

  • CVE-2021-41654CriJun 16, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php

  • CVE-2022-27431CriMay 4, 2022
    risk 0.64cvss 9.8epss 0.01

    Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.

  • CVE-2020-20122CriSep 28, 2021
    risk 0.64cvss 9.8epss 0.01

    Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.

  • CVE-2021-40674CriSep 20, 2021
    risk 0.64cvss 9.8epss 0.01

    An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.

  • CVE-2021-40670CriSep 16, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.

  • CVE-2021-40669CriSep 16, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.

  • CVE-2018-20572CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.

  • CVE-2018-17852CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.

  • CVE-2018-15894CriAug 27, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.

  • CVE-2018-15893CriAug 27, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.

  • CVE-2018-14515CriJul 23, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.

  • CVE-2018-11722CriJun 5, 2018
    risk 0.64cvss 9.8epss 0.02

    WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.

  • CVE-2018-11528CriMay 29, 2018
    risk 0.64cvss 9.8epss 0.02

    WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.

  • CVE-2018-10312HigApr 24, 2018
    risk 0.60cvss 8.8epss 0.02

    index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.

  • CVE-2018-9926HigApr 10, 2018
    risk 0.60cvss 8.8epss 0.03

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.

  • CVE-2020-36037HigAug 11, 2023
    risk 0.57cvss 8.8epss 0.01

    An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.

  • CVE-2020-21325HigJun 20, 2023
    risk 0.57cvss 8.8epss 0.01

    An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.

Page 1 of 4