📦 Wuzhicms

Wuzhicms v4.1.0 contains a SQL injection vulnerability in the $keywords parameter at /core/admin/copyfrom.php. This allows attackers to execute arbitrary SQL commands on the database. All users runnin...

This SQL injection vulnerability in wuzhicms v4.1.0 allows remote attackers to execute arbitrary SQL commands through the database backup functionality. Attackers can potentially read, modify, or dele...

This SQL injection vulnerability in WUZHICMS v4.1.0 allows remote attackers to execute arbitrary SQL commands through the checktitle() function in admin/content.php. Attackers can potentially access, ...

This SQL injection vulnerability in Wuzhi CMS v4.1.0 allows attackers to execute arbitrary SQL commands via the KeyValue parameter in the order administration interface. Attackers can potentially acce...

This SQL injection vulnerability in Wuzhi CMS 4.1.0 allows attackers to execute arbitrary SQL commands through the keywords parameter in the admin interface. This affects all deployments running the v...

This vulnerability allows remote attackers to execute arbitrary code on WUZHI CMS systems via an unsafe file upload mechanism in the set_chache method. Attackers can upload malicious files that get ex...

CVE-2020-20124 is a remote code execution vulnerability in Wuzhi CMS v4.1.0 that allows attackers to execute arbitrary code on affected systems through the \attachment\admin\index.php file. This affec...

CVE-2020-24930 is an arbitrary file deletion vulnerability in Wuzhi CMS 4.0.1 backend. Attackers can delete any files on the server, potentially causing service disruption or data loss. This affects a...

This vulnerability allows attackers to bypass file upload blacklists in WUZHI CMS, potentially leading to remote code execution. It affects all WUZHI CMS installations up to version 4.1.0. Attackers c...

This SQL injection vulnerability in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary SQL commands via the 'flag' parameter in the order administration component. Attackers can potentially...

This critical vulnerability in WuzhiCMS 4.1 allows remote attackers to execute arbitrary code through code injection in the Setting Handler component. Attackers can exploit this by manipulating the 'S...

This CVE-2025-0480 vulnerability in wuzhicms 4.1.0 allows attackers to perform server-side request forgery (SSRF) by manipulating sphinxhost/sphinxport parameters in the search admin configuration. At...

This critical vulnerability in wuzhicms 4.1.0 allows remote attackers to inject and execute arbitrary code through the add/edit function in block.php. It affects all systems running the vulnerable ver...