NotCVE - vendor:"Wuzhicms" product:"Wuzhicms" version:" <= 4.1.0"

Page 2 of 25 results (0.007 seconds)

CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-36168

https://notcve.org/view.php?id=CVE-2022-36168

A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: Se ha detectado una vulnerabilidad de salto de directorio en Wuzhicms versión 4.1.0. por medio del archivo /coreframe/app/attachment/admin/index.php: • https://github.com/Cigar-Fasion/CVE/issues/1 https://github.com/wuzhicms/wuzhicms/issues/202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-41654

https://notcve.org/view.php?id=CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php Se presentan vulnerabilidades de inyección SQL en Wuzhicms versión v4.1.0, que permiten a atacantes ejecutar comandos SQL arbitrarios por medio del parámetro $keyValue en el archivo /coreframe/app/pay/admin/index.php • https://github.com/wuzhicms/wuzhicms/issues/198 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-28145

https://notcve.org/view.php?id=CVE-2020-28145

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. Se ha detectado una vulnerabilidad de borrado arbitrario de archivos en wuzhicms versión v 4.0.1, por medio del archivo coreframe\app\attachment\admin\index.php, que permite a atacantes acceder a información confidencial • https://github.com/wuzhicms/wuzhicms/issues/191 https://www.cnvd.org.cn/flaw/show/2394661 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-24930

https://notcve.org/view.php?id=CVE-2020-24930

Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files. Beijing Wuzhi Internet Technology Co. • https://github.com/wuzhicms/wuzhicms/issues/191 https://www.cnvd.org.cn/flaw/show/2394661 •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19553

https://notcve.org/view.php?id=CVE-2020-19553

Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en WUZHI CMS versiones hasta 4.1.0 incluyéndola , en la función config en el archivo coreframe/app/attachment/libs/class/ckditor.class.php • https://github.com/wuzhicms/wuzhicms/issues/179 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5