Wuzhicms: >> Wuzhicms Security Vulnerabilities
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-06-20
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-23
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-28
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:
CVSS Score
2.7
EPSS Score
0.002
Published
2022-08-26
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-06-28
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
CVSS Score
9.8
EPSS Score
0.003
Published
2022-06-16
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-04
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-21
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-12
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-28