
CVE-2020-21590
https://notcve.org/view.php?id=CVE-2020-21590
02 Apr 2021 — Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. • https://github.com/pwnninja/wuzhicms/issues/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-9108
https://notcve.org/view.php?id=CVE-2019-9108
25 Feb 2019 — XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. • https://gist.github.com/redeye5/ebfef23f0a063b82779151f9cde8e480 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-20572
https://notcve.org/view.php?id=CVE-2018-20572
28 Dec 2018 — WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. • https://github.com/wuzhicms/wuzhicms/issues/166 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-14472
https://notcve.org/view.php?id=CVE-2018-14472
20 Jul 2018 — An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. • https://github.com/wuzhicms/wuzhicms/issues/144 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-11722
https://notcve.org/view.php?id=CVE-2018-11722
05 Jun 2018 — WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. • https://github.com/wuzhicms/wuzhicms/issues/141 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-10221
https://notcve.org/view.php?id=CVE-2018-10221
19 Apr 2018 — An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload. • https://github.com/wuzhicms/wuzhicms/issues/129 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-9926 – WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2018-9926
10 Apr 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. • https://packetstorm.news/files/id/147142 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-9927 – Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-9927
10 Apr 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. • https://packetstorm.news/files/id/147141 • CWE-352: Cross-Site Request Forgery (CSRF)