Search Results | AttackerKB

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-31393

Disclosure Date: June 09, 2022 (last updated February 23, 2025)

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-31390

Disclosure Date: June 09, 2022 (last updated February 23, 2025)

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-27429

Disclosure Date: April 25, 2022 (last updated February 23, 2025)

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2020-28145

Disclosure Date: October 12, 2021 (last updated February 23, 2025)

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Attack Vector: Network Privileges: None User Interaction: None

52 Total Results

Displaying 21-30 of 52

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification