Total
57 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52064 | 1 Wuzhicms | 1 Wuzhicms | 2025-06-03 | N/A | 9.8 CRITICAL |
|
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
|
|||||
| CVE-2025-0480 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-31008 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-13 | N/A | 6.5 MEDIUM |
|
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
|
|||||
| CVE-2024-32206 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A | 4.6 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
|
|||||
| CVE-2018-10368 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
|
|||||
| CVE-2020-19770 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.
|
|||||
| CVE-2018-11493 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
|
|||||
| CVE-2018-10391 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
|
|||||
| CVE-2023-31860 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A | 5.4 MEDIUM |
|
Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.
|
|||||
| CVE-2018-10367 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
|
|||||
| CVE-2020-20122 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
|
|||||
| CVE-2018-10311 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
|
|||||
| CVE-2018-11528 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
|
|||||
| CVE-2022-27431 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
|
|||||
| CVE-2019-9107 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
|
|||||
| CVE-2019-9110 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
|
|||||
| CVE-2018-14512 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered.
|
|||||
| CVE-2020-19897 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
|
|||||
| CVE-2018-17425 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
|
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
|
|||||
| CVE-2018-10313 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
|
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
|
|||||
| CVE-2018-10312 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
|
|||||
| CVE-2018-18711 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.
|
|||||
| CVE-2018-10248 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 5.8 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
|
|||||
| CVE-2018-18938 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
|
|||||
| CVE-2018-17426 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
|
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
|
|||||
| CVE-2018-11549 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
|
|||||
| CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.
|
|||||
| CVE-2019-9109 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
|
|||||
| CVE-2020-20124 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 6.5 MEDIUM | 8.8 HIGH |
|
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
|
|||||
| CVE-2025-3563 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-25916 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | N/A | 5.4 MEDIUM |
|
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.
|
|||||
| CVE-2023-30123 | 1 Wuzhicms | 1 Wuzhicms | 2025-01-30 | N/A | 5.4 MEDIUM |
|
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.
|
|||||
| CVE-2020-20413 | 1 Wuzhicms | 1 Wuzhicms | 2024-12-10 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
|
|||||
| CVE-2020-21325 | 1 Wuzhicms | 1 Wuzhicms | 2024-12-09 | N/A | 8.8 HIGH |
|
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
|
|||||
| CVE-2023-46482 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
|
|||||
| CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 2.7 LOW |
|
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:
|
|||||
| CVE-2021-41654 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php
|
|||||
| CVE-2021-40674 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
|
|||||
| CVE-2021-40670 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
|
|||||
| CVE-2021-40669 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.
|
|||||