WuzhiCMS
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3563 | 0.00 | — | 0.00 | Apr 14, 2025 | A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||
| CVE-2025-25916 | 0.00 | — | 0.00 | Feb 28, 2025 | wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | |||
| CVE-2018-17425 | 0.00 | — | 0.00 | Mar 7, 2019 | WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. | |||
| CVE-2018-17426 | 0.00 | — | 0.00 | Mar 7, 2019 | WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | |||
| CVE-2019-9109 | 0.00 | — | 0.00 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | |||
| CVE-2019-9107 | 0.00 | — | 0.00 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | |||
| CVE-2019-9110 | 0.00 | — | 0.00 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | |||
| CVE-2019-9108 | 0.00 | — | 0.00 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. |
- CVE-2025-3563Apr 14, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2025-25916Feb 28, 2025risk 0.00cvss —epss 0.00
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.
- CVE-2018-17425Mar 7, 2019risk 0.00cvss —epss 0.00
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
- CVE-2018-17426Mar 7, 2019risk 0.00cvss —epss 0.00
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
- CVE-2019-9109Feb 25, 2019risk 0.00cvss —epss 0.00
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
- CVE-2019-9107Feb 25, 2019risk 0.00cvss —epss 0.00
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
- CVE-2019-9110Feb 25, 2019risk 0.00cvss —epss 0.00
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
- CVE-2019-9108Feb 25, 2019risk 0.00cvss —epss 0.00
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.