Wuzhicms

wuzhicms

58 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (58)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-20122 1Wuzhicms 1Wuzhicms May 5, 2025 Sep 28, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
CVE-2020-24930 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 27, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in*.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabil...Show more Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in*.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.Show less
CVE-2020-19553 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 21, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
CVE-2020-19551 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 21, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
CVE-2020-19915 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 20, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
CVE-2021-40674 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 20, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
CVE-2021-40670 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
CVE-2021-40669 1Wuzhicms 1Wuzhicms Nov 21, 2024 Sep 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
CVE-2020-18877 1Wuzhicms 1Wuzhicms Nov 21, 2024 Aug 20, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
CVE-2020-18654 1Wuzhicms 1Wuzhicms Nov 21, 2024 Jun 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
CVE-2020-21590 1Wuzhicms 1Wuzhicms Nov 21, 2024 Apr 2, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.
CVE-2018-17426 1Wuzhicms 1Wuzhicms May 5, 2025 Mar 7, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
CVE-2018-17425 1Wuzhicms 1Wuzhicms May 5, 2025 Mar 7, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
CVE-2019-9110 1Wuzhicms 1Wuzhicms May 5, 2025 Feb 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
CVE-2019-9109 1Wuzhicms 1Wuzhicms May 5, 2025 Feb 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
CVE-2019-9108 1Wuzhicms 1Wuzhicms Nov 21, 2024 Feb 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
CVE-2019-9107 1Wuzhicms 1Wuzhicms May 5, 2025 Feb 25, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
CVE-2018-20572 1Wuzhicms 1Wuzhicms Nov 21, 2024 Dec 28, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
CVE-2018-18938 1Wuzhicms 1Wuzhicms May 5, 2025 Nov 5, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
CVE-2018-18712 1Wuzhicms 1Wuzhicms May 5, 2025 Oct 29, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.

Previous 123 Next