Wuzhicms

wuzhicms

Vendor: Wuzhicms • 57 CVEs

CVEs (57)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-3563 1Wuzhicms 1Wuzhicms Apr 29, 2025 Apr 14, 2025 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handle...Show more A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-25916 1Wuzhicms 1Wuzhicms Apr 29, 2025 Feb 28, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.
CVE-2025-0480 1Wuzhicms 1Wuzhicms May 13, 2025 Jan 15, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads t...Show more A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-10505 1Wuzhicms 1Wuzhicms Nov 6, 2024 Oct 30, 2024 5.3 MEDIUM· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is po...Show more A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-32206 1Wuzhicms 1Wuzhicms May 5, 2025 Apr 19, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata p...Show more A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.Show less
CVE-2024-31008 1Wuzhicms 1Wuzhicms May 13, 2025 Apr 3, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
CVE-2023-52064 1Wuzhicms 1Wuzhicms Jun 3, 2025 Jan 10, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
CVE-2023-46482 1Wuzhicms 1Wuzhicms Nov 21, 2024 Nov 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
CVE-2020-36037 1Wuzhicms 1Wuzhicms Nov 21, 2024 Aug 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
CVE-2020-21325 1Wuzhicms 1Wuzhicms Dec 9, 2024 Jun 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
CVE-2020-20413 1Wuzhicms 1Wuzhicms Dec 10, 2024 Jun 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
CVE-2023-31860 1Wuzhicms 1Wuzhicms May 5, 2025 May 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.
CVE-2023-30123 1Wuzhicms 1Wuzhicms Jan 30, 2025 Apr 28, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
CVE-2022-36168 1Wuzhicms 1Wuzhicms Nov 21, 2024 Aug 26, 2022 N/A· v4 2.7 LOW· v3 N/A· v2 A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:
CVE-2020-19897 1Wuzhicms 1Wuzhicms May 5, 2025 Jun 28, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVE-2021-41654 1Wuzhicms 1Wuzhicms Nov 21, 2024 Jun 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
CVE-2022-27431 1Wuzhicms 1Wuzhicms May 5, 2025 May 4, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
CVE-2020-19770 1Wuzhicms 1Wuzhicms May 5, 2025 Dec 21, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.
CVE-2020-28145 1Wuzhicms 1Wuzhicms Nov 21, 2024 Oct 12, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
CVE-2020-20124 1Wuzhicms 1Wuzhicms May 5, 2025 Sep 28, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.

12 3 Next