CVE-2023-52064 – Wuzhicms v4.1.0 contains a SQL injection vulner... (How to Fix)

Q: What is the severity of CVE-2023-52064?

CVE-2023-52064 has a CVSS score of 9.8 (CRITICAL). Wuzhicms v4.1.0 contains a SQL injection vulnerability in the $keywords parameter at /core/admin/copyfrom.php. This allows attackers to execute arbitrary SQL commands on the database. All users running Wuzhicms v4.1.0 are affected.

📋 TL;DR

Wuzhicms v4.1.0 contains a SQL injection vulnerability in the $keywords parameter at /core/admin/copyfrom.php. This allows attackers to execute arbitrary SQL commands on the database. All users running Wuzhicms v4.1.0 are affected.

💻 Affected Systems

Products:

Wuzhicms

Versions: v4.1.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires access to the admin interface at /core/admin/copyfrom.php.

📦 What is this software?

Wuzhicms by Wuzhicms

View all CVEs affecting Wuzhicms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, or remote code execution via database functions.

🟠

Likely Case

Unauthorized data access, data exfiltration, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation and database permissions.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface.

🏢 Internal Only: MEDIUM - Still exploitable by internal threats or compromised accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires admin access or stolen credentials. SQL injection is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.1.1 or later

Vendor Advisory: https://github.com/wuzhicms/wuzhicms/issues/208

Restart Required: No

Instructions:

1. Download latest version from official repository. 2. Backup current installation. 3. Replace vulnerable files with patched versions. 4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize $keywords parameter.

Modify /core/admin/copyfrom.php to validate/sanitize user input before SQL query.

Access Restriction

all

Restrict access to vulnerable endpoint via web server configuration.

Add location block in nginx: location ~ /core/admin/copyfrom\.php { deny all; }
Add in Apache .htaccess: <Files "copyfrom.php"> Require all denied </Files>

🧯 If You Can't Patch

Implement WAF rules to block SQL injection patterns targeting /core/admin/copyfrom.php.
Restrict database user permissions to minimum required operations.

🔍 How to Verify

Check if Vulnerable:

Check if running Wuzhicms v4.1.0 and if /core/admin/copyfrom.php exists.

Check Version:

Check version.php file or admin dashboard for version number.

Verify Fix Applied:

Verify version is v4.1.1 or later and test SQL injection attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts to admin interface
Requests to /core/admin/copyfrom.php with SQL keywords

Network Indicators:

HTTP POST/GET requests to /core/admin/copyfrom.php containing SQL injection patterns

SIEM Query:

source="web_logs" AND uri="/core/admin/copyfrom.php" AND (keywords CONTAINS "UNION" OR keywords CONTAINS "SELECT" OR keywords CONTAINS "OR 1=1")

📊 Metadata

CVE ID: CVE-2023-52064

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: January 10, 2024

Last Updated: June 3, 2025

🔗 References

https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea Third Party Advisory
https://github.com/wuzhicms/wuzhicms/issues/208 Exploit,Issue Tracking
https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea Third Party Advisory
https://github.com/wuzhicms/wuzhicms/issues/208 Exploit,Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52064, you might also want to check these: