Known Vulnerabilities for Wuzhicms by Wuzhicms

Listed below are 10 of the newest known vulnerabilities associated with the software "Wuzhicms" by "Wuzhicms".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40674 | An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | 9.8 - CRITICAL | 2021-09-20 | 2021-09-28 |
| CVE-2021-40670 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /coreframe/app/order/admin/card.p... | 9.8 - CRITICAL | 2021-09-16 | 2021-09-27 |
| CVE-2021-40669 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.... | 9.8 - CRITICAL | 2021-09-16 | 2021-09-27 |
| CVE-2020-28145 | Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which ... | 9.8 - CRITICAL | 2021-10-12 | 2021-10-12 |
| CVE-2020-24930 | Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS... | 8.1 - HIGH | 2021-09-27 | 2021-10-06 |
| CVE-2020-21590 | Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary ... | 4.3 - MEDIUM | 2021-04-02 | 2021-04-08 |
| CVE-2020-19915 | Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | 6.1 - MEDIUM | 2021-09-20 | 2021-09-29 |
| CVE-2020-19553 | Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app... | 5.4 - MEDIUM | 2021-09-21 | 2021-09-29 |
| CVE-2020-19551 | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote... | 8.8 - HIGH | 2021-09-21 | 2021-10-01 |
| CVE-2020-18877 | SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the com... | 7.5 - HIGH | 2021-08-20 | 2021-08-23 |

Known Affected Configurations (CPE V2.3)

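| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Wuzhicms | Wuzhicms | 4.1.0 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 4.0.0 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.1.3 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.1.2 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.1.1 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.1.0.2 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.1.0.1 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.1.0 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.0.4.0 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.0.4 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.0.3.0 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.0.3 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.0.1 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 3.0.0 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 2.1.7 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 2.1.6 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 2.1.3 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 2.1.2 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 2.0.5 | All | All | All |
| Application | Wuzhicms | Wuzhicms | 2.0.4 | All | All | All |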

© CVE.report 2021

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.