VYPR

Vendor CVEs

WuzhiCMS

All CVEs

66 total · sorted by risk
  • CVE-2023-52064CriJan 10, 2024
    risk 0.64cvss 9.8epss 0.01

    Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.

  • CVE-2023-46482CriNov 1, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.

  • CVE-2020-20413CriJun 20, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.

  • CVE-2021-41654CriJun 16, 2022
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php

  • CVE-2022-27431CriMay 4, 2022
    risk 0.64cvss 9.8epss 0.01

    Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.

  • CVE-2020-20122CriSep 28, 2021
    risk 0.64cvss 9.8epss 0.01

    Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.

  • CVE-2021-40674CriSep 20, 2021
    risk 0.64cvss 9.8epss 0.01

    An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.

  • CVE-2021-40670CriSep 16, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.

  • CVE-2021-40669CriSep 16, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.

  • CVE-2018-20572CriDec 28, 2018
    risk 0.64cvss 9.8epss 0.02

    WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.

  • CVE-2018-17852CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.

  • CVE-2018-15894CriAug 27, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.

  • CVE-2018-15893CriAug 27, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.

  • CVE-2018-14515CriJul 23, 2018
    risk 0.64cvss 9.8epss 0.02

    A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.

  • CVE-2018-11722CriJun 5, 2018
    risk 0.64cvss 9.8epss 0.02

    WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.

  • CVE-2018-11528CriMay 29, 2018
    risk 0.64cvss 9.8epss 0.02

    WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.

  • CVE-2018-10312HigApr 24, 2018
    risk 0.60cvss 8.8epss 0.02

    index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.

  • CVE-2018-9926HigApr 10, 2018
    risk 0.60cvss 8.8epss 0.03

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.

  • CVE-2020-36037HigAug 11, 2023
    risk 0.57cvss 8.8epss 0.01

    An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.

  • CVE-2020-21325HigJun 20, 2023
    risk 0.57cvss 8.8epss 0.01

    An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.

  • CVE-2020-20124HigSep 28, 2021
    risk 0.57cvss 8.8epss 0.03

    Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.

  • CVE-2020-19551HigSep 21, 2021
    risk 0.57cvss 8.8epss 0.02

    Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.

  • CVE-2018-18712HigOct 29, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.

  • CVE-2018-18711HigOct 29, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.

  • CVE-2018-11493HigMay 26, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.

  • CVE-2018-9927HigApr 10, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.

  • CVE-2020-24930HigSep 27, 2021
    risk 0.53cvss 8.1epss 0.01

    Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.

  • CVE-2020-28145HigOct 12, 2021
    risk 0.49cvss 7.5epss 0.01

    Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

  • CVE-2020-18877HigAug 20, 2021
    risk 0.49cvss 7.5epss 0.01

    SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.

  • CVE-2018-14472HigJul 20, 2018
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.

  • CVE-2018-17832MedOct 1, 2018
    risk 0.43cvss 6.1epss 0.02

    XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.

  • CVE-2018-10311MedApr 24, 2018
    risk 0.43cvss 6.1epss 0.03

    A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.

  • CVE-2024-31008MedApr 3, 2024
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.

  • CVE-2018-10248MedApr 20, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.

  • CVE-2024-10505MedOct 30, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2020-19897MedJun 28, 2022
    risk 0.40cvss 6.1epss 0.01

    A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.

  • CVE-2020-19915MedSep 20, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.

  • CVE-2020-18654MedJun 22, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".

  • CVE-2019-9110MedFeb 25, 2019
    risk 0.40cvss 6.1epss 0.01

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.

  • CVE-2019-9109MedFeb 25, 2019
    risk 0.40cvss 6.1epss 0.01

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.

  • CVE-2019-9108MedFeb 25, 2019
    risk 0.40cvss 6.1epss 0.01

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.

  • CVE-2019-9107MedFeb 25, 2019
    risk 0.40cvss 6.1epss 0.01

    XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.

  • CVE-2018-16350MedSep 2, 2018
    risk 0.40cvss 6.1epss 0.01

    WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.

  • CVE-2018-16349MedSep 2, 2018
    risk 0.40cvss 6.1epss 0.01

    WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.

  • CVE-2018-14513MedJul 23, 2018
    risk 0.40cvss 6.1epss 0.01

    An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.

  • CVE-2018-14512MedJul 23, 2018
    risk 0.40cvss 6.1epss 0.01

    An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings…

  • CVE-2018-10313MedApr 24, 2018
    risk 0.38cvss 5.4epss 0.02

    WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.

  • CVE-2025-25916MedFeb 28, 2025
    risk 0.35cvss 5.4epss 0.00

    wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.

  • CVE-2023-31860MedMay 23, 2023
    risk 0.35cvss 5.4epss 0.00

    Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.

  • CVE-2023-30123MedApr 28, 2023
    risk 0.35cvss 5.4epss 0.00

    wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.

Page 1 of 2