Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Wuzhicms Subscribe
Filtered by product Wuzhicms

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36037 1 Wuzhicms 1 Wuzhicms 2023-08-15 N/A 8.8 HIGH
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.
CVE-2020-28145 1 Wuzhicms 1 Wuzhicms 2021-10-18 5.0 MEDIUM 7.5 HIGH
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
CVE-2020-24930 1 Wuzhicms 1 Wuzhicms 2021-10-06 5.5 MEDIUM 8.1 HIGH
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.
CVE-2020-19551 1 Wuzhicms 1 Wuzhicms 2021-10-01 6.5 MEDIUM 8.8 HIGH
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
CVE-2020-18877 1 Wuzhicms 1 Wuzhicms 2021-08-23 5.0 MEDIUM 7.5 HIGH
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
CVE-2018-9927 1 Wuzhicms 1 Wuzhicms 2019-02-27 6.8 MEDIUM 8.8 HIGH
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add.
CVE-2018-9926 1 Wuzhicms 1 Wuzhicms 2019-02-27 6.8 MEDIUM 8.8 HIGH
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
CVE-2018-14472 1 Wuzhicms 1 Wuzhicms 2018-09-14 6.5 MEDIUM 7.2 HIGH
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.