CVE-2018-17852
https://notcve.org/view.php?id=CVE-2018-17852
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. Se ha descubierto una inyección SQL en WUZHI CMS 4.1.0 en coreframe/app/coupon/admin/card.php mediante el parámetro groupname en el URI /index.php?m=couponf=cardv=detail_listing. • https://github.com/wuzhicms/wuzhicms/issues/155 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-16350
https://notcve.org/view.php?id=CVE-2018-16350
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. WUZHI CMS 4.1.0 tiene Cross-Site Scripting (XSS) mediante el parámetro form[statcode] en index.php?m=coref=setv=basic. • https://github.com/wuzhicms/wuzhicms/issues/148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-16349
https://notcve.org/view.php?id=CVE-2018-16349
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. WUZHI CMS 4.1.0 tiene Cross-Site Scripting (XSS) mediante el parámetro form[remark] en index.php?m=linkf=indexv=add. • https://github.com/wuzhicms/wuzhicms/issues/147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-15893
https://notcve.org/view.php?id=CVE-2018-15893
A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. Se ha descubierto una inyección SQL en /coreframe/app/admin/copyfrom.php en WUZHI CMS 4.1.0 mediante el parámetro keywords en index.php?m=coref=copyfromv=listing. • https://github.com/wuzhicms/wuzhicms/issues/149 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-15894
https://notcve.org/view.php?id=CVE-2018-15894
A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. Se ha descubierto una inyección SQL en /coreframe/app/admin/pay/admin/index.php en WUZHI CMS 4.1.0 mediante el parámetro keyValue en index.php?m=payf=indexv=listing. • https://github.com/wuzhicms/wuzhicms/issues/150 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •