CVE-2018-15894
https://notcve.org/view.php?id=CVE-2018-15894
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. Se ha descubierto una inyección SQL en /coreframe/app/admin/pay/admin/index.php en WUZHI CMS 4.1.0 mediante el parámetro keyValue en index.php?m=payf=indexv=listing. • https://github.com/wuzhicms/wuzhicms/issues/150 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-14513
https://notcve.org/view.php?id=CVE-2018-14513
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente que permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro form[content] en el URI index.php? • https://github.com/wuzhicms/wuzhicms/issues/145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14515
https://notcve.org/view.php?id=CVE-2018-14515
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. Se ha descubierto una inyección SQL en WUZHI CMS 4.1.0 que permite que atacantes remotos inyecten una instrucción SQL maliciosa mediante el parámetro keywords en index.php?m=promotef=indexv=search. • https://github.com/wuzhicms/wuzhicms/issues/146 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •