Show filters
27 Total Results
Displaying 1-10 of 27
Sort by:
Attacker Value
Unknown
CVE-2025-0480
Disclosure Date: January 15, 2025 (last updated January 16, 2025)
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
0
Attacker Value
Unknown
CVE-2024-10505
Disclosure Date: October 30, 2024 (last updated November 07, 2024)
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.
0
Attacker Value
Unknown
CVE-2023-46482
Disclosure Date: November 01, 2023 (last updated November 09, 2023)
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
0
Attacker Value
Unknown
CVE-2020-36037
Disclosure Date: August 11, 2023 (last updated October 08, 2023)
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
0
Attacker Value
Unknown
CVE-2020-21325
Disclosure Date: June 20, 2023 (last updated October 08, 2023)
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
0
Attacker Value
Unknown
CVE-2020-20413
Disclosure Date: June 20, 2023 (last updated October 08, 2023)
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
0
Attacker Value
Unknown
CVE-2023-30123
Disclosure Date: April 28, 2023 (last updated October 08, 2023)
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
0
Attacker Value
Unknown
CVE-2022-36168
Disclosure Date: August 26, 2022 (last updated October 08, 2023)
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:
0
Attacker Value
Unknown
CVE-2021-41654
Disclosure Date: June 16, 2022 (last updated February 23, 2025)
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
0
Attacker Value
Unknown
CVE-2020-28145
Disclosure Date: October 12, 2021 (last updated February 23, 2025)
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
0