Known Vulnerabilities for products from Wuzhicms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Wuzhicms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-46482 json | SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Fu... | 9.8 - CRITICAL | 2023-11-01 | 2023-11-09 |
| CVE-2023-31860 json | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | 5.4 - MEDIUM | 2023-05-23 | 2023-06-21 |
| CVE-2023-30123 json | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | 5.4 - MEDIUM | 2023-04-28 | 2023-05-05 |
| CVE-2022-36168 json | A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | 2.7 - LOW | 2022-08-26 | 2022-08-31 |
| CVE-2022-27431 json | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/ad... | 9.8 - CRITICAL | 2022-05-04 | 2022-05-11 |
| CVE-2021-41654 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-06-16 | 2022-06-27 |
| CVE-2021-40674 json | An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php. | 9.8 - CRITICAL | 2021-09-20 | 2021-09-28 |
| CVE-2021-40670 json | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.p... | 9.8 - CRITICAL | 2021-09-16 | 2021-09-27 |
| CVE-2021-40669 json | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.... | 9.8 - CRITICAL | 2021-09-16 | 2021-09-27 |
| CVE-2020-36037 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-08-11 | 2023-08-15 |
| CVE-2020-28145 json | Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which ... | 7.5 - HIGH | 2021-10-12 | 2021-10-18 |
| CVE-2020-24930 json | Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS... | 8.1 - HIGH | 2021-09-27 | 2021-10-06 |
| CVE-2020-21590 json | Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary ... | 4.3 - MEDIUM | 2021-04-02 | 2021-04-08 |
| CVE-2020-21325 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-06-20 | 2023-06-27 |
| CVE-2020-20413 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-06-20 | 2023-06-27 |
| CVE-2020-20124 json | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | 8.8 - HIGH | 2021-09-28 | 2022-09-14 |
| CVE-2020-20122 json | Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.ph... | 9.8 - CRITICAL | 2021-09-28 | 2021-10-06 |
| CVE-2020-19915 json | Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | 6.1 - MEDIUM | 2021-09-20 | 2021-09-29 |
| CVE-2020-19897 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-06-28 | 2022-07-07 |
| CVE-2020-19770 json | A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the... | 5.4 - MEDIUM | 2021-12-21 | 2021-12-30 |