Vulnerabilities for Wuzhi cms (...) - CXSECURITY.COM

Vulnerabilities for 'Wuzhi cms'

2018-11-05

CVE-2018-18939

CWE-79

An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field.

2018-10-01

CVE-2018-17852

CWE-89

A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.

2018-09-02

CVE-2018-16350

CWE-79

WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.

CVE-2018-16349

CWE-79

WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.

2018-08-27

CVE-2018-15894

CWE-89

A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.

CVE-2018-15893

CWE-89

A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.

2018-07-23

CVE-2018-14515

CWE-89

A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.

CVE-2018-14513

CWE-79

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.

CVE-2018-14512

CWE-79

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered.

Copyright 2024, cxsecurity.com