CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2023-46482
https://notcve.org/view.php?id=CVE-2023-46482
01 Nov 2023 — SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. Vulnerabilidad de inyección SQL en wuzhicms v.4.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la funcionalidad de copia de seguridad de la base de datos en el componente coreframe/app/database/admin/index.php. • https://github.com/XTo-o1/PHP/blob/main/wuzhicms/WUZHI%20CMS%20v4.1.0%20SQL%20Injection%20Vulnerability%20in%20Database%20Backup%20Functionality.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36037
https://notcve.org/view.php?id=CVE-2020-36037
11 Aug 2023 — An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php. • https://github.com/wuzhicms/wuzhicms/issues/192 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20413
https://notcve.org/view.php?id=CVE-2020-20413
20 Jun 2023 — SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. • https://github.com/SuperSalsa20/WUZHICMS-SQL-Injection/blob/master/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2020-21325
https://notcve.org/view.php?id=CVE-2020-21325
20 Jun 2023 — An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. • https://github.com/wuzhicms/wuzhicms/issues/188 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30123
https://notcve.org/view.php?id=CVE-2023-30123
28 Apr 2023 — wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. • https://github.com/wuzhicms/wuzhicms/issues/205#issue-1635153937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-36168
https://notcve.org/view.php?id=CVE-2022-36168
25 Aug 2022 — A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: Se ha detectado una vulnerabilidad de salto de directorio en Wuzhicms versión 4.1.0. por medio del archivo /coreframe/app/attachment/admin/index.php: • https://github.com/Cigar-Fasion/CVE/issues/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41654
https://notcve.org/view.php?id=CVE-2021-41654
16 Jun 2022 — SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php Se presentan vulnerabilidades de inyección SQL en Wuzhicms versión v4.1.0, que permiten a atacantes ejecutar comandos SQL arbitrarios por medio del parámetro $keyValue en el archivo /coreframe/app/pay/admin/index.php • https://github.com/wuzhicms/wuzhicms/issues/198 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28145
https://notcve.org/view.php?id=CVE-2020-28145
12 Oct 2021 — Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. Se ha detectado una vulnerabilidad de borrado arbitrario de archivos en wuzhicms versión v 4.0.1, por medio del archivo coreframe\app\attachment\admin\index.php, que permite a atacantes acceder a información confidencial • https://github.com/wuzhicms/wuzhicms/issues/191 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24930
https://notcve.org/view.php?id=CVE-2020-24930
27 Sep 2021 — Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files. Beijing Wuzhi Internet Technology Co. • https://github.com/wuzhicms/wuzhicms/issues/191 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19553
https://notcve.org/view.php?id=CVE-2020-19553
21 Sep 2021 — Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en WUZHI CMS versiones hasta 4.1.0 incluyéndola , en la función config en el archivo coreframe/app/attachment/libs/class/ckditor.class.php • https://github.com/wuzhicms/wuzhicms/issues/179 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •