Aggregates CVE and security vulnerability intelligence across all wuzhi_cms_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise and vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-18939 | An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | [email protected] | 4.8 | 0.67% | 2018-11-05 | 2024-11-21 |
| CVE-2018-17852 | A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI. | [email protected] | 9.8 | 1.54% | 2018-10-01 | 2024-11-21 |
| CVE-2018-16350 | WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | [email protected] | 6.1 | 0.86% | 2018-09-02 | 2024-11-21 |
| CVE-2018-16349 | WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | [email protected] | 6.1 | 0.86% | 2018-09-02 | 2024-11-21 |
| CVE-2018-15894 | A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter. | [email protected] | 9.8 | 1.54% | 2018-08-27 | 2024-11-21 |
| CVE-2018-15893 | A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | [email protected] | 9.8 | 1.54% | 2018-08-27 | 2024-11-21 |
| CVE-2018-14515 | A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | [email protected] | 9.8 | 2.00% | 2018-07-23 | 2024-11-21 |
| CVE-2018-14513 | An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | [email protected] | 6.1 | 1.09% | 2018-07-23 | 2024-11-21 |