NotCVE - vendor:"Wuzhicms" product:"Wuzhicms" version:"4.1.0"

Page 2 of 24 results (0.009 seconds)

CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-36168

https://notcve.org/view.php?id=CVE-2022-36168

A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: Se ha detectado una vulnerabilidad de salto de directorio en Wuzhicms versión 4.1.0. por medio del archivo /coreframe/app/attachment/admin/index.php: • https://github.com/Cigar-Fasion/CVE/issues/1 https://github.com/wuzhicms/wuzhicms/issues/202 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-41654

https://notcve.org/view.php?id=CVE-2021-41654

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php Se presentan vulnerabilidades de inyección SQL en Wuzhicms versión v4.1.0, que permiten a atacantes ejecutar comandos SQL arbitrarios por medio del parámetro $keyValue en el archivo /coreframe/app/pay/admin/index.php • https://github.com/wuzhicms/wuzhicms/issues/198 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-24930

https://notcve.org/view.php?id=CVE-2020-24930

Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files. Beijing Wuzhi Internet Technology Co. • https://github.com/wuzhicms/wuzhicms/issues/191 https://www.cnvd.org.cn/flaw/show/2394661 •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19553

https://notcve.org/view.php?id=CVE-2020-19553

Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en WUZHI CMS versiones hasta 4.1.0 incluyéndola , en la función config en el archivo coreframe/app/attachment/libs/class/ckditor.class.php • https://github.com/wuzhicms/wuzhicms/issues/179 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-19551

https://notcve.org/view.php?id=CVE-2020-19551

Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong. Se presenta un problema de omisión de la Lista Negra en WUZHI CMS versiones hasta 4.1.0 incluyéndola, en el archivo common.func.php, que cuando se carga puede causar una ejecución de código remota • https://github.com/wuzhicms/wuzhicms/issues/177 • CWE-863: Incorrect Authorization •

1 2 3 4 5