Lucene search

Wuzhi Cms Security Vulnerabilities

cve

CVE-2018-10248

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.

6.5CVSS

6.4AI Score

0.001EPSS

2018-04-20 05:29 PM

cve

CVE-2018-10311

A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.

6.1CVSS

5.9AI Score

0.001EPSS

2018-04-24 02:29 AM

cve

CVE-2018-10312

index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.

8.8CVSS

8.6AI Score

0.002EPSS

2018-04-24 02:29 AM

cve

CVE-2018-10313

WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.

5.4CVSS

5.1AI Score

0.001EPSS

2018-04-24 02:29 AM

cve

CVE-2018-10367

An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.

4.8CVSS

4.8AI Score

0.001EPSS

2018-04-25 09:29 AM

cve

CVE-2018-10368

An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.

4.8CVSS

4.7AI Score

0.001EPSS

2018-04-25 09:29 AM

cve

CVE-2018-10391

An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.

4.8CVSS

4.8AI Score

0.001EPSS

2018-04-26 05:29 AM

cve

CVE-2018-11493

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.

8.8CVSS

8.6AI Score

0.001EPSS

2018-05-26 06:29 PM

cve

CVE-2018-11528

WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.

9.8CVSS

9.9AI Score

0.002EPSS

2018-05-29 07:29 AM

cve

CVE-2018-11549

An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.

5.4CVSS

5AI Score

0.001EPSS

2018-05-29 09:29 PM

cve

CVE-2018-14512

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" scre...

6.1CVSS

5.9AI Score

0.001EPSS

2018-07-23 08:29 AM

cve

CVE-2018-17425

WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.

5.4CVSS

5.1AI Score

0.001EPSS

2019-03-07 11:29 PM

cve

CVE-2018-17426

WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.

5.4CVSS

5.1AI Score

0.001EPSS

2019-03-07 11:29 PM

cve

CVE-2018-17832

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2018-10-01 08:29 AM

cve

CVE-2018-18711

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.

8.8CVSS

8.7AI Score

0.001EPSS

2018-10-29 12:29 PM

cve

CVE-2018-18712

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.

8.8CVSS

8.6AI Score

0.001EPSS

2018-10-29 12:29 PM

cve

CVE-2018-18938

An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.

4.8CVSS

4.7AI Score

0.001EPSS

2018-11-05 09:29 AM

cve

CVE-2019-9107

XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.

6.1CVSS

5.9AI Score

0.001EPSS

2019-02-25 01:29 AM

cve

CVE-2019-9109

XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.

6.1CVSS

5.9AI Score

0.001EPSS

2019-02-25 01:29 AM

cve

CVE-2019-9110

XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.

6.1CVSS

5.9AI Score

0.001EPSS

2019-02-25 01:29 AM

cve

CVE-2020-19770

A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.

5.4CVSS

5.2AI Score

0.001EPSS

2021-12-21 06:15 PM

cve

CVE-2020-19897

A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.

6.1CVSS

6.2AI Score

0.001EPSS

2022-06-28 10:15 PM

cve

CVE-2020-20122

Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.

9.8CVSS

9.7AI Score

0.002EPSS

2021-09-28 11:15 PM

cve

CVE-2020-20124

Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.

8.8CVSS

8.9AI Score

0.005EPSS

2021-09-28 11:15 PM

cve

CVE-2022-27431

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.

9.8CVSS

9.8AI Score

0.002EPSS

2022-05-04 03:15 AM

cve

CVE-2023-31860

Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.

5.4CVSS

5.2AI Score

0.001EPSS

2023-05-23 08:15 PM

cve

CVE-2023-52064

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.

9.8CVSS

9.8AI Score

0.001EPSS

2024-01-10 09:15 PM