Filtered by vendor Wuzhicms Subscriptions
Total 54 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-14472 1 Wuzhicms 1 Wuzhicms 2024-11-21 N/A
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
CVE-2018-11722 1 Wuzhicms 1 Wuzhicms 2024-11-21 N/A
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded.
CVE-2018-11549 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
CVE-2018-11528 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
CVE-2018-11493 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
CVE-2018-10391 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
CVE-2018-10368 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
CVE-2018-10367 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
CVE-2018-10313 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
CVE-2018-10312 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
CVE-2018-10311 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
CVE-2018-10248 1 Wuzhicms 1 Wuzhi Cms 2024-11-21 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
CVE-2018-10221 1 Wuzhicms 1 Wuzhicms 2024-11-21 N/A
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload.
CVE-2024-10505 1 Wuzhicms 1 Wuzhicms 2024-11-06 6.3 Medium
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.