Vulnerabilities (CVE)

Filtered by vendor Wuzhicms Subscribe

Filtered by product Wuzhicms

Total 26 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-9926	1 Wuzhicms	1 Wuzhicms	2024-11-21	6.8 MEDIUM	8.8 HIGH
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
CVE-2018-20572	1 Wuzhicms	1 Wuzhicms	2024-11-21	7.5 HIGH	9.8 CRITICAL
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
CVE-2018-14472	1 Wuzhicms	1 Wuzhicms	2024-11-21	6.5 MEDIUM	7.2 HIGH
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
CVE-2018-11722	1 Wuzhicms	1 Wuzhicms	2024-11-21	7.5 HIGH	9.8 CRITICAL
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
CVE-2018-10221	1 Wuzhicms	1 Wuzhicms	2024-11-21	3.5 LOW	5.4 MEDIUM
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload.
CVE-2024-10505	1 Wuzhicms	1 Wuzhicms	2024-11-06	6.5 MEDIUM	7.2 HIGH
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.