Wuzhicms 4.1.0 Security Vulnerabilities
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
CVSS Score: 7.2 | EPSS Score: 0.006 | Published: 2018-07-20
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-06-05
An issue was discovered in WUZHI CMS 4.1.0. There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-05-29
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-05-29
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-05-26
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-04-26
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-04-25
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-04-25
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2018-04-24
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2018-04-24

