CVE-2018-14472

2018-07-2016:29:00

Google

osv.dev

AI Score

7.8

Confidence

Low

EPSS

0.001

Percentile

42.3%

JSON

An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.

References

github.com/wuzhicms/wuzhicms/issues/144