Wuzhicms: >> Wuzhicms >> 4.0.1 Security Vulnerabilities
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-12
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
CVSS Score
8.8
EPSS Score
0.009
Published
2021-09-21
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-21