SQL Injection Vulnerability in WUZHI CMS 4.1.0
CVE-2018-15893

9.8CRITICAL

Key Information:

Vendor: Wuzhi Cms Project
Status: Wuzhi Cms
Vendor: CVE Published:; 27 August 2018

Summary

A vulnerability has been identified in WUZHI CMS 4.1.0 that allows for SQL injection through manipulated input in the keywords parameter of a specific endpoint. This flaw can potentially enable an attacker to execute arbitrary SQL queries on the database, which may lead to unauthorized data access or manipulation. It is critical for users to apply security measures to mitigate this risk and ensure the integrity of their data.

References

https://github.com/wuzhicms/wuzhicms/issues/149

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2018
Vulnerability Reserved
Aug 26, 2018