Wuzhicms: >> Wuzhicms >> 4.1.0 Security Vulnerabilities
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
CVSS Score
8.8
EPSS Score
0.009
Published
2021-09-21
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-21
Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-09-20
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-20
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-16
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-16
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-20
Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".
CVSS Score
6.1
EPSS Score
0.01
Published
2021-06-22
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-04-02
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-07