SQL Injection Vulnerability in Wuzhi CMS by Wuzhi Technology
CVE-2020-20122

9.8CRITICAL

Key Information:

Vendor: Wuzhicms
Status: Wuzhi Cms
Vendor: CVE Published:; 28 September 2021

What is CVE-2020-20122?

Wuzhi CMS version 4.1 is susceptible to a SQL injection vulnerability located in the checktitle() function within the content.php file. This flaw could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access or alteration of sensitive data within the application. It is crucial for users of this CMS to apply security patches and follow best practices to mitigate the risks associated with this vulnerability.

References

https://github.com/SuperSalsa20/WUZHICMS-SQL-Injection/bl...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2021
Vulnerability Reserved
Aug 13, 2020

Wuzhicms

What is CVE-2020-20122?

References

CVSS V3.1

Timeline