27 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. Se descubrió que Wuzhicms v4.1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro $keywords en /core/admin/copyfrom.php. • https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea https://github.com/wuzhicms/wuzhicms/issues/208 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. • https://github.com/wuzhicms/b2b/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. Un ataque de tipo Cross Site Scripting (XSS) reflejado en wuzhicms versión v4.1.0, permite a atacantes remotos ejecutar un script web o HTML arbitrario por medio del parámetro imgurl • https://github.com/wuzhicms/wuzhicms/issues/183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. Se ha detectado que Wuzhicms versión v4.1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro groupid en el archivo /coreframe/app/member/admin/group.php • https://github.com/wuzhicms/wuzhicms/issues/200 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. Una vulnerabilidad de tipo cross-site scripting (XSS) en el componente system bulletin de WUZHI CMS versión v4.1.0, permite a atacantes robar la cookie del administrador • https://github.com/wuzhicms/wuzhicms/issues/180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •