Search Results | AttackerKB

Show filters

Topics 76 Users 9,716

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

76 Total Results

Displaying 41-50 of 76

Attacker Value

Unknown

CVE-2021-40669

Disclosure Date: September 16, 2021 (last updated February 23, 2025)

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2021-40670

Disclosure Date: September 16, 2021 (last updated February 23, 2025)

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2020-21483

Disclosure Date: September 15, 2021 (last updated February 23, 2025)

An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.

Attack Vector: Network Privileges: High User Interaction: None

0

Attacker Value

Unknown

CVE-2020-18877

Disclosure Date: August 20, 2021 (last updated February 23, 2025)

SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2020-18654

Disclosure Date: June 22, 2021 (last updated February 22, 2025)

Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2020-21590

Disclosure Date: April 02, 2021 (last updated February 22, 2025)

Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2020-23644

Disclosure Date: January 11, 2021 (last updated February 22, 2025)

XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2020-23643

Disclosure Date: January 11, 2021 (last updated February 22, 2025)

XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-17593

Disclosure Date: October 14, 2019 (last updated November 27, 2024)

JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2018-17425

Disclosure Date: March 07, 2019 (last updated November 27, 2024)

WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.

0