CVE-2018-14472

2018-07-2016:00:00

mitre

www.cve.org

wuzhi cms

sql injection

vulnerability

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

42.3%

JSON

An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.

References

github.com/wuzhicms/wuzhicms/issues/144