Search Results | AttackerKB

SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2020-18654

Disclosure Date: June 22, 2021 (last updated February 22, 2025)

Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2020-21590

Disclosure Date: April 02, 2021 (last updated February 22, 2025)

Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2018-17425

Disclosure Date: March 07, 2019 (last updated November 27, 2024)

WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.

Attacker Value

Unknown

CVE-2018-17426

Disclosure Date: March 07, 2019 (last updated November 27, 2024)

WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.

Attacker Value

Unknown

CVE-2019-9108

Disclosure Date: February 25, 2019 (last updated November 27, 2024)

XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.

Attacker Value

Unknown

CVE-2019-9107

Disclosure Date: February 25, 2019 (last updated November 27, 2024)

XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.

53 Total Results

Displaying 21-30 of 53

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification