SQL Injection Vulnerability in WUZHI CMS by WUZHI
CVE-2018-11722

9.8CRITICAL

Key Information:

Vendor: Wuzhicms
Status: Wuzhicms
Vendor: CVE Published:; 5 June 2018

What is CVE-2018-11722?

WUZHI CMS 4.1.0 is impacted by a SQL injection vulnerability located in the api/uc.php file. This issue arises from the hard-coded value of 'UC_KEY', allowing an attacker to manipulate the 'code' parameter and execute arbitrary SQL queries. Exploitation of this vulnerability can lead to unauthorized access to sensitive data, posing significant security risks for affected installations.

References

https://github.com/wuzhicms/wuzhicms/issues/141

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2018
Vulnerability Reserved
Jun 4, 2018

Wuzhicms

What is CVE-2018-11722?

References

CVSS V3.1

Timeline