Filtered by vendor Wuzhicms
Subscribe
Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10505 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-06 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-52064 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-05 | N/A | 9.8 CRITICAL |
| Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. | |||||
| CVE-2020-36037 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-05 | N/A | 8.8 HIGH |
| An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. | |||||
| CVE-2020-21325 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | N/A | 8.8 HIGH |
| An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. | |||||
| CVE-2023-30123 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | N/A | 5.4 MEDIUM |
| wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | |||||
| CVE-2023-31860 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | N/A | 5.4 MEDIUM |
| Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | |||||
| CVE-2020-20413 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | |||||
| CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | N/A | 2.7 LOW |
| A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | |||||
| CVE-2022-27431 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | |||||
| CVE-2020-19897 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. | |||||
| CVE-2021-41654 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | |||||
| CVE-2021-40669 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file. | |||||
| CVE-2020-19915 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | |||||
| CVE-2020-19551 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. | |||||
| CVE-2020-20124 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | |||||
| CVE-2020-19770 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. | |||||
| CVE-2021-40670 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file. | |||||
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | |||||
| CVE-2020-20122 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. | |||||
| CVE-2020-19553 | 1 Wuzhicms | 1 Wuzhicms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | |||||