CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-52064
https://notcve.org/view.php?id=CVE-2023-52064
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. Se descubrió que Wuzhicms v4.1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro $keywords en /core/admin/copyfrom.php. • https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea https://github.com/wuzhicms/wuzhicms/issues/208 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46482
https://notcve.org/view.php?id=CVE-2023-46482
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. Vulnerabilidad de inyección SQL en wuzhicms v.4.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la funcionalidad de copia de seguridad de la base de datos en el componente coreframe/app/database/admin/index.php. • https://github.com/XTo-o1/PHP/blob/main/wuzhicms/WUZHI%20CMS%20v4.1.0%20SQL%20Injection%20Vulnerability%20in%20Database%20Backup%20Functionality.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36037
https://notcve.org/view.php?id=CVE-2020-36037
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. • https://github.com/wuzhicms/wuzhicms/issues/192 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20413
https://notcve.org/view.php?id=CVE-2020-20413
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. • https://github.com/SuperSalsa20/WUZHICMS-SQL-Injection/blob/master/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21325
https://notcve.org/view.php?id=CVE-2020-21325
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. • https://github.com/wuzhicms/wuzhicms/issues/188 • CWE-434: Unrestricted Upload of File with Dangerous Type •