SQL Injection Vulnerability in WUZHI CMS 4.1.0 by WUZHI
CVE-2018-14515

9.8CRITICAL

Key Information:

Vendor: Wuzhi Cms Project
Status: Wuzhi Cms
Vendor: CVE Published:; 23 July 2018

🔔 Create Wuzhi Cms Project Vulnerability Alert

What is CVE-2018-14515?

A vulnerability in WUZHI CMS version 4.1.0 allows attackers to execute unauthorized SQL commands through the 'keywords' parameter in the index.php file. This flaw could lead to unauthorized access and manipulation of the database, putting sensitive information at risk. It is crucial to apply mitigations and stay updated to prevent exploitation of this weakness.

References

https://github.com/wuzhicms/wuzhicms/issues/146

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2018
Vulnerability Reserved
Jul 22, 2018