Wuzhicms Security Vulnerabilities
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
CVSS Score
8.8
EPSS Score
0.031
Published
2021-09-28
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files.
CVSS Score
8.1
EPSS Score
0.002
Published
2021-09-27
A blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code execution.
CVSS Score
8.8
EPSS Score
0.009
Published
2021-09-21
A Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-21
A Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-09-20
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-20
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-16
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.php file.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-16
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-20
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
CVSS Score
6.1
EPSS Score
0.01
Published
2021-06-22

