7 matches found
CVE-2018-14472
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection...
CVE-2020-20122
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle function in /coreframe/app/content/admin/content.php...
CVE-2020-20122
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle function in /coreframe/app/content/admin/content.php...
CVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893...
CVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893...
CVE-2018-11528
WUZHI CMS 4.1.0 has SQL Injection via an api/smscheck.php?param= URI...
CVE-2018-11528
WUZHI CMS 4.1.0 has SQL Injection via an api/smscheck.php?param= URI...