Wuzhicms Security Vulnerabilities
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-10-29
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-07-23
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
CVSS Score: 7.2
EPSS Score: 0.006
Published: 2018-07-20
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-06-05
An issue was discovered in WUZHI CMS 4.1.0. There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-05-29
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-05-29
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-05-26
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-04-26
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-04-25
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-04-25


Shodan ® - All rights reserved