Vendor CVEs
WuzhiCMS
All CVEs
66 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52064 | Cri | 0.64 | 9.8 | 0.01 | Jan 10, 2024 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. | ||
| CVE-2023-46482 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2023 | SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. | ||
| CVE-2020-20413 | Cri | 0.64 | 9.8 | 0.01 | Jun 20, 2023 | SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | ||
| CVE-2021-41654 | Cri | 0.64 | 9.8 | 0.01 | Jun 16, 2022 | SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | ||
| CVE-2022-27431 | Cri | 0.64 | 9.8 | 0.01 | May 4, 2022 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | ||
| CVE-2020-20122 | Cri | 0.64 | 9.8 | 0.01 | Sep 28, 2021 | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | ||
| CVE-2021-40674 | Cri | 0.64 | 9.8 | 0.01 | Sep 20, 2021 | An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | ||
| CVE-2021-40670 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2021 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file. | ||
| CVE-2021-40669 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2021 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. | ||
| CVE-2018-20572 | Cri | 0.64 | 9.8 | 0.02 | Dec 28, 2018 | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | ||
| CVE-2018-17852 | Cri | 0.64 | 9.8 | 0.02 | Oct 1, 2018 | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | ||
| CVE-2018-15894 | Cri | 0.64 | 9.8 | 0.02 | Aug 27, 2018 | A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | ||
| CVE-2018-15893 | Cri | 0.64 | 9.8 | 0.02 | Aug 27, 2018 | A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | ||
| CVE-2018-14515 | Cri | 0.64 | 9.8 | 0.02 | Jul 23, 2018 | A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | ||
| CVE-2018-11722 | Cri | 0.64 | 9.8 | 0.02 | Jun 5, 2018 | WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | ||
| CVE-2018-11528 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | ||
| CVE-2018-10312 | Hig | 0.60 | 8.8 | 0.02 | Apr 24, 2018 | index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. | ||
| CVE-2018-9926 | Hig | 0.60 | 8.8 | 0.03 | Apr 10, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. | ||
| CVE-2020-36037 | Hig | 0.57 | 8.8 | 0.01 | Aug 11, 2023 | An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. | ||
| CVE-2020-21325 | Hig | 0.57 | 8.8 | 0.01 | Jun 20, 2023 | An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. | ||
| CVE-2020-20124 | Hig | 0.57 | 8.8 | 0.03 | Sep 28, 2021 | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | ||
| CVE-2020-19551 | Hig | 0.57 | 8.8 | 0.02 | Sep 21, 2021 | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. | ||
| CVE-2018-18712 | Hig | 0.57 | 8.8 | 0.01 | Oct 29, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | ||
| CVE-2018-18711 | Hig | 0.57 | 8.8 | 0.01 | Oct 29, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info. | ||
| CVE-2018-11493 | Hig | 0.57 | 8.8 | 0.01 | May 26, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. | ||
| CVE-2018-9927 | Hig | 0.57 | 8.8 | 0.01 | Apr 10, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. | ||
| CVE-2020-24930 | Hig | 0.53 | 8.1 | 0.01 | Sep 27, 2021 | Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files. | ||
| CVE-2020-28145 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | ||
| CVE-2020-18877 | Hig | 0.49 | 7.5 | 0.01 | Aug 20, 2021 | SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. | ||
| CVE-2018-14472 | Hig | 0.47 | 7.2 | 0.02 | Jul 20, 2018 | An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. | ||
| CVE-2018-17832 | Med | 0.43 | 6.1 | 0.02 | Oct 1, 2018 | XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. | ||
| CVE-2018-10311 | Med | 0.43 | 6.1 | 0.03 | Apr 24, 2018 | A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. | ||
| CVE-2024-31008 | Med | 0.42 | 6.5 | 0.01 | Apr 3, 2024 | An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. | ||
| CVE-2018-10248 | Med | 0.42 | 6.5 | 0.01 | Apr 20, 2018 | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete. | ||
| CVE-2024-10505 | Med | 0.41 | 6.3 | 0.01 | Oct 30, 2024 | A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2020-19897 | Med | 0.40 | 6.1 | 0.01 | Jun 28, 2022 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. | ||
| CVE-2020-19915 | Med | 0.40 | 6.1 | 0.01 | Sep 20, 2021 | Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | ||
| CVE-2020-18654 | Med | 0.40 | 6.1 | 0.01 | Jun 22, 2021 | Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php". | ||
| CVE-2019-9110 | Med | 0.40 | 6.1 | 0.01 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | ||
| CVE-2019-9109 | Med | 0.40 | 6.1 | 0.01 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | ||
| CVE-2019-9108 | Med | 0.40 | 6.1 | 0.01 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | ||
| CVE-2019-9107 | Med | 0.40 | 6.1 | 0.01 | Feb 25, 2019 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | ||
| CVE-2018-16350 | Med | 0.40 | 6.1 | 0.01 | Sep 2, 2018 | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | ||
| CVE-2018-16349 | Med | 0.40 | 6.1 | 0.01 | Sep 2, 2018 | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | ||
| CVE-2018-14513 | Med | 0.40 | 6.1 | 0.01 | Jul 23, 2018 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | ||
| CVE-2018-14512 | Med | 0.40 | 6.1 | 0.01 | Jul 23, 2018 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings… | ||
| CVE-2018-10313 | Med | 0.38 | 5.4 | 0.02 | Apr 24, 2018 | WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. | ||
| CVE-2025-25916 | Med | 0.35 | 5.4 | 0.00 | Feb 28, 2025 | wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | ||
| CVE-2023-31860 | Med | 0.35 | 5.4 | 0.00 | May 23, 2023 | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | ||
| CVE-2023-30123 | Med | 0.35 | 5.4 | 0.00 | Apr 28, 2023 | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. |
- risk 0.64cvss 9.8epss 0.01
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
- risk 0.64cvss 9.8epss 0.01
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
- risk 0.64cvss 9.8epss 0.01
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
- risk 0.64cvss 9.8epss 0.01
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
- risk 0.64cvss 9.8epss 0.02
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.
- risk 0.64cvss 9.8epss 0.02
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.
- risk 0.64cvss 9.8epss 0.02
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
- risk 0.64cvss 9.8epss 0.02
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
- risk 0.60cvss 8.8epss 0.02
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
- risk 0.60cvss 8.8epss 0.03
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
- risk 0.57cvss 8.8epss 0.01
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
- risk 0.57cvss 8.8epss 0.01
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
- risk 0.57cvss 8.8epss 0.03
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
- risk 0.57cvss 8.8epss 0.02
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.
- risk 0.53cvss 8.1epss 0.01
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.
- risk 0.49cvss 7.5epss 0.01
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
- risk 0.49cvss 7.5epss 0.01
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
- risk 0.47cvss 7.2epss 0.02
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
- risk 0.43cvss 6.1epss 0.02
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.
- risk 0.43cvss 6.1epss 0.03
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been…
- risk 0.40cvss 6.1epss 0.01
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
- risk 0.40cvss 6.1epss 0.01
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
- risk 0.40cvss 6.1epss 0.01
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
- risk 0.40cvss 6.1epss 0.01
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
- risk 0.40cvss 6.1epss 0.01
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
- risk 0.40cvss 6.1epss 0.01
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.
- risk 0.40cvss 6.1epss 0.01
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.
- risk 0.40cvss 6.1epss 0.01
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.
- risk 0.40cvss 6.1epss 0.01
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings…
- risk 0.38cvss 5.4epss 0.02
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
- risk 0.35cvss 5.4epss 0.00
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.
- risk 0.35cvss 5.4epss 0.00
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.
- risk 0.35cvss 5.4epss 0.00
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
Page 1 of 2