WUZHI CMS
Products
1- 11 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10312 | 0.03 | — | 0.00 | Apr 24, 2018 | index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. | |||
| CVE-2018-10311 | 0.03 | — | 0.00 | Apr 24, 2018 | A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. | |||
| CVE-2018-20572 | 0.00 | — | 0.00 | Dec 28, 2018 | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | |||
| CVE-2018-18939 | 0.00 | — | 0.00 | Nov 5, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | |||
| CVE-2018-18711 | 0.00 | — | 0.00 | Oct 27, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. | |||
| CVE-2018-14512 | 0.00 | — | 0.00 | Jul 23, 2018 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings… | |||
| CVE-2018-14513 | 0.00 | — | 0.00 | Jul 23, 2018 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | |||
| CVE-2018-14515 | 0.00 | — | 0.00 | Jul 23, 2018 | A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | |||
| CVE-2018-14472 | 0.00 | — | 0.01 | Jul 20, 2018 | An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. | |||
| CVE-2018-10391 | 0.00 | — | 0.00 | Apr 26, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | |||
| CVE-2018-9927 | 0.00 | — | 0.00 | Apr 10, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. |
- CVE-2018-10312Apr 24, 2018risk 0.03cvss —epss 0.00
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
- CVE-2018-10311Apr 24, 2018risk 0.03cvss —epss 0.00
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
- CVE-2018-20572Dec 28, 2018risk 0.00cvss —epss 0.00
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
- CVE-2018-18939Nov 5, 2018risk 0.00cvss —epss 0.00
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.
- CVE-2018-18711Oct 27, 2018risk 0.00cvss —epss 0.00
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.
- CVE-2018-14512Jul 23, 2018risk 0.00cvss —epss 0.00
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings…
- CVE-2018-14513Jul 23, 2018risk 0.00cvss —epss 0.00
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.
- CVE-2018-14515Jul 23, 2018risk 0.00cvss —epss 0.00
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.
- CVE-2018-14472Jul 20, 2018risk 0.00cvss —epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
- CVE-2018-10391Apr 26, 2018risk 0.00cvss —epss 0.00
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
- CVE-2018-9927Apr 10, 2018risk 0.00cvss —epss 0.00
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.