Show filters
33 Total Results
Displaying 1-10 of 33
Sort by:
Attacker Value
Unknown

CVE-2023-52064

Disclosure Date: January 10, 2024 (last updated January 18, 2024)
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-19897

Disclosure Date: June 28, 2022 (last updated February 24, 2025)
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-27431

Disclosure Date: May 04, 2022 (last updated February 23, 2025)
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-19770

Disclosure Date: December 21, 2021 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-20122

Disclosure Date: September 28, 2021 (last updated February 23, 2025)
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-20124

Disclosure Date: September 28, 2021 (last updated February 23, 2025)
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-17425

Disclosure Date: March 07, 2019 (last updated November 27, 2024)
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
0
0
Attacker Value
Unknown

CVE-2018-17426

Disclosure Date: March 07, 2019 (last updated November 27, 2024)
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
0
0
Attacker Value
Unknown

CVE-2019-9107

Disclosure Date: February 25, 2019 (last updated November 27, 2024)
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
0
0
Attacker Value
Unknown

CVE-2019-9109

Disclosure Date: February 25, 2019 (last updated November 27, 2024)
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
0
0
View More Topics  Next >