WUZHI CMS is a PHP and MySQL-based open source content management system (CMS) from WUZHI. v4.1.0 of WUZHI CMS is vulnerable to SQL injection, which can be exploited to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. parameter in /coreframe/app/pay/admin/index.php to execute arbitrary SQL commands.