3 matches found
Wuzhi CMS SQL Injection (CVE-2021-40674)
An SQL injection vulnerability exists in Wuzhi CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2021-40674
creationtimestamp| type| source ---|---|--- 2021-09-20 18:27:12+00:00| seen| https://t.me/cibsecurity/29109...
CVE-2021-40674
Wuzhi CMS v4.1.0 contains an SQL injection in coreframe/app/order/admin/index.php via the KeyValue parameter. The root cause is improper handling of that parameter, enabling remote attackers to execute arbitrary SQL commands with no authentication. CVSS details map to high/critical impact (C to H...