CVE-2023-46482

2023-11-0119:15:45

Google

osv.dev

vulnerability

sql injection

wuzhicms

remote attacker

arbitrary code

database backup functionality

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.3%

JSON

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.

CPENameOperatorVersion
wuzhicmseq3.1.1
wuzhicmseq2.1.3
wuzhicmseq3.0.1
wuzhicmseq3.0.3
wuzhicmseq2.0.1
wuzhicmseq3.0.4.0
wuzhicmseq4.1.0
wuzhicmseq2.0.5
wuzhicmseq3.1.0
wuzhicmseq3.0.4

Name	Operator	Version
wuzhicms	eq	3.1.1
wuzhicms	eq	2.1.3
wuzhicms	eq	3.0.1
wuzhicms	eq	3.0.3
wuzhicms	eq	2.0.1
wuzhicms	eq	3.0.4.0
wuzhicms	eq	4.1.0
wuzhicms	eq	2.0.5
wuzhicms	eq	3.1.0
wuzhicms	eq	3.0.4