Skip to main content

Wuzhi Cms

9 CVEs product

Monthly

CVE-2018-18939 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-17852 CRITICAL POC Act Now

A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-17832 MEDIUM POC This Month

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-16350 MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16349 MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15894 CRITICAL POC Act Now

A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-15893 CRITICAL POC Act Now

A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-14515 CRITICAL POC Act Now

A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-14513 MEDIUM POC This Month

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wuzhi Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhi Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy