
CVE-2023-52064
https://notcve.org/view.php?id=CVE-2023-52064
10 Jan 2024 — Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. • https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-31860
https://notcve.org/view.php?id=CVE-2023-31860
23 May 2023 — Wuzhi CMS v3.1.2 has a stored XSS vulnerability in the backend of the Five Finger CMS b2b system. • https://github.com/wuzhicms/b2b/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-19897
https://notcve.org/view.php?id=CVE-2020-19897
28 Jun 2022 — A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. • https://github.com/wuzhicms/wuzhicms/issues/183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-27431
https://notcve.org/view.php?id=CVE-2022-27431
04 May 2022 — Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. • https://github.com/wuzhicms/wuzhicms/issues/200 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-19770
https://notcve.org/view.php?id=CVE-2020-19770
21 Dec 2021 — A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. • https://github.com/wuzhicms/wuzhicms/issues/180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-20124
https://notcve.org/view.php?id=CVE-2020-20124
28 Sep 2021 — Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. • https://cwe.mitre.org/data/definitions/96.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2020-20122
https://notcve.org/view.php?id=CVE-2020-20122
28 Sep 2021 — Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. • https://github.com/SuperSalsa20/WUZHICMS-SQL-Injection/blob/master/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-17425
https://notcve.org/view.php?id=CVE-2018-17425
07 Mar 2019 — WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. • https://github.com/wuzhicms/wuzhicms/issues/153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-17426
https://notcve.org/view.php?id=CVE-2018-17426
07 Mar 2019 — WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. • https://github.com/wuzhicms/wuzhicms/issues/154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-9107
https://notcve.org/view.php?id=CVE-2019-9107
25 Feb 2019 — XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. • https://gist.github.com/redeye5/ccbbc43330cc9821062249b78c916317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')