CVEDB API

Vulnerabilities

Vulnerable Software

Wuzhicms: >> Wuzhicms >> 4.1.0 Security Vulnerabilities

CVE-2020-20413

SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.

CVSS Score

9.8

EPSS Score

0.006

Published

2023-06-20

CVE-2023-30123

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.

CVSS Score

5.4

EPSS Score

0.001

Published

2023-04-28

CVE-2022-36168

A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:

CVSS Score

2.7

EPSS Score

0.002

Published

2022-08-26

CVE-2020-19897

A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.

CVSS Score

6.1

EPSS Score

0.003

Published

2022-06-28

CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php

CVSS Score

9.8

EPSS Score

0.003

Published

2022-06-16

CVE-2022-27431

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.

CVSS Score

9.8

EPSS Score

0.002

Published

2022-05-04

CVE-2020-19770

A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.

CVSS Score

5.4

EPSS Score

0.002

Published

2021-12-21

CVE-2020-20122

Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.

CVSS Score

9.8

EPSS Score

0.003

Published

2021-09-28

CVE-2020-20124

Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.

CVSS Score

8.8

EPSS Score

0.031

Published

2021-09-28

CVE-2020-24930

Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.

CVSS Score

8.1

EPSS Score

0.002

Published

2021-09-27

Prev Next

Page 2

Vulnerabilities

Vulnerable Software

Wuzhicms: >> Wuzhicms >> 4.1.0 Security Vulnerabilities

Products

Pricing

Contact Us