SQL Injection Vulnerability in WUZHI CMS 4.1.0
CVE-2018-20572

9.8CRITICAL

Key Information:

Vendor: Wuzhicms
Status: Wuzhicms
Vendor: CVE Published:; 28 December 2018

What is CVE-2018-20572?

An SQL injection vulnerability in WUZHI CMS 4.1.0 allows attackers to manipulate database queries via the 'keywords' parameter in the URL. This can lead to unauthorized access to sensitive data and pose significant security risks. The affected endpoint is coreframe/app/coupon/admin/copyfrom.php, and it is crucial for users to apply the necessary patches and updates to mitigate potential exploitation of this vulnerability.

References

https://github.com/wuzhicms/wuzhicms/issues/166

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 28, 2018

Wuzhicms

What is CVE-2018-20572?

References

CVSS V3.1

Timeline