19 matches found
CVE-2020-24930
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files...
WUZHI CMS 安全漏洞
WUZHI CMS is an open source content management system CMS based on PHP and MySQL by Five Fingers WUZHI. A security vulnerability exists in WUZHI CMS version v4.1.0, which originates from cross-site scripting in the del function...
WUZHI CMS 代码注入漏洞
WUZHI CMS is a PHP and MySQL based open source content management system CMS from WUZHI. A code injection vulnerability exists in WUZHI CMS version 4.1.0, which originates from a code injection in the add or edit function of the file www/coreframe/app/content/admin/block.php...
WUZHI CMS 安全漏洞
WUZHI CMS is an open source content management system CMS based on PHP and MySQL by Five Fingers WUZHI. A security vulnerability exists in WUZHI CMS version 4.1.0, which originated from allowing an attacker to execute arbitrary code and obtain sensitive information via the index.php file...
PT-2023-11582 · Wuzhicms · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: An issue in the software allows a remote attacker to execute arbitrary code via the set chache method of the functioncommon.func.php file. Recommendations: For WUZHI CMS version 4.1.0, consider disabling t...
WUZHI CMS SQL注入漏洞
Wuzhicms is five fingers WUZHI company's set of PHP and MySQL based on open source content management system CMS. A SQL injection vulnerability exists in Wuzhicms version 4.1.0. An attacker can exploit this vulnerability to execute arbitrary code via the checktitle function...
Wuzhi WUZHI CMS 跨站脚本漏洞
Wuzhi WUZHI CMS is a PHP and MySQL based open source content management system CMS from Wuzhi. A security vulnerability exists in WUZHI CMS 4.1.0 and later, which originates from the coreframe/app/attachment/libs/class/ckditor.class.php configuration function...
Wuzhi CMS 跨站脚本漏洞
WUZHI CMS WUZHI CMS is a high-performance open source content management system , support for the LNAMP architecture , suitable for portals , corporate Web site , mobile site , microblogging promotion. WUZHI CMS version 4.1.0 has a cross-site scripting vulnerability. Remote attackers can use the...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-07935)
WUZHI CMS is five fingers WUZHI company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in WUZHI CMS version 4.1.0. An attacker can use the 'Detailed Description' field in the 'I want to ask a question' page to inject arbitrary Web...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-05299)
WUZHI CMS is five fingers WUZHI company based on PHP and MySQL open source content management system CMS. WUZHI CMS version 4.1.0 cross-site scripting vulnerability, remote attackers can use the /index.php?m=message&f=message&v=add URL's 'setiframe' parameter to use the vulnerability to inject...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-09135)
WUZHI CMS is five fingers WUZHI company based on PHP and MySQL open source content management system CMS. A stored cross-site scripting vulnerability exists in index.php?m=core&f=index in WUZHI CMS 4.1.0, which can be exploited to inject arbitrary web script or HTML via the ontoggle attribute of...
WUZHI CMS SQL Injection Vulnerability (CNVD-2018-18142)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A SQL injection vulnerability exists in the /coreframe/app/admin/pay/admin/index.php file in WUZHI CMS version 4.1.0. A remote attacker can exploit this...
PT-2018-12556 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: A persistent XSS issue allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the "index.php?m=core&f=set&v=sendmail" API endpoint. The XSS payload is triggered wh...
PT-2018-10640 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: The issue is related to SQL Injection, which can be exploited via the /api/sms check.php API endpoint with a param variable. Recommendations: For WUZHI CMS version 4.1.0, update to a newer version that...
WUZHI CMS Cross-Site Request Forgery Vulnerability (CNVD-2018-11227)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A cross-site request forgery vulnerability exists in WUZHI CMS version 4.1.0. A remote attacker can exploit this vulnerability to add links...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2018-08585)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in the content management feature of WUZHI CMS version 4.1.0. A remote attacker can exploit this vulnerability to injec...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2018-08584)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in the system announcement feature of the extension module in WUZHI CMS version 4.1.0. A remote attacker can exploit th...
PT-2018-9820 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: The issue allows for persistent XSS via the form%5Bqq 10%5D parameter to the "/index.php?m=member&f=index&v=profile&set iframe=1" URI. This enables potential attackers to inject malicious scripts into the...
PT-2018-9781 · Wuzhi · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: A CSRF issue allows deletion of any article via the "index.php?m=content&f=content&v=recycle delete" endpoint. Recommendations: For WUZHI CMS version 4.1.0, update to a newer version that contains a fix fo...