VYPR

Wuzhicms

by WuzhiCMS

Source repositories

CVEs (64)

  • CVE-2024-32206MedApr 19, 2024
    risk 0.30cvss 4.6epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.

  • CVE-2025-0480MedJan 15, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate…

  • CVE-2020-21590MedApr 2, 2021
    risk 0.28cvss 4.3epss 0.01

    Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.

  • CVE-2022-36168LowAug 26, 2022
    risk 0.18cvss 2.7epss 0.01

    A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:

Page 4 of 4

VYPR — Vulnerability Intelligence