Filtered by vendor Wuzhicms Subscriptions
Filtered by product Wuzhicms Subscriptions
Total 58 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-15530 1 Wuzhicms 1 Wuzhicms 2026-07-13 5.3 Medium
A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2023-52064 1 Wuzhicms 1 Wuzhicms 2025-06-03 9.8 Critical
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
CVE-2025-0480 1 Wuzhicms 1 Wuzhicms 2025-05-13 4.3 Medium
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-31008 1 Wuzhicms 1 Wuzhicms 2025-05-13 6.5 Medium
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file.
CVE-2024-32206 1 Wuzhicms 1 Wuzhicms 2025-05-05 4.6 Medium
A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.
CVE-2018-10367 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
CVE-2019-9107 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
CVE-2019-9109 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
CVE-2018-11549 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
CVE-2018-10313 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
CVE-2018-10368 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
CVE-2018-10311 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
CVE-2018-14512 1 Wuzhicms 1 Wuzhicms 2025-05-05 6.1 Medium
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered.
CVE-2018-17425 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
CVE-2018-10248 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
CVE-2018-18938 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field.
CVE-2018-18712 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.
CVE-2018-11493 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
CVE-2018-11528 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
CVE-2018-18711 1 Wuzhicms 1 Wuzhicms 2025-05-05 N/A
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.