Remote Code Execution Flaw in Wuzhi CMS by Wuzhi Technologies
CVE-2020-20124

8.8HIGH

Key Information:

Vendor: Wuzhicms
Status: Wuzhi Cms
Vendor: CVE Published:; 28 September 2021

What is CVE-2020-20124?

Wuzhi CMS version 4.1.0 is susceptible to a remote code execution vulnerability found in the admin index file, which allows an attacker to execute arbitrary PHP code on the server. This flaw may lead to unauthorized disclosure of sensitive information, complete control over the affected system, and execution of commands that can compromise the integrity of the application and the data it handles.

References

https://github.com/wuzhicms/wuzhicms/issues/188

x_refsource_MISC

https://cwe.mitre.org/data/definitions/96.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2021
Vulnerability Reserved
Aug 13, 2020

Wuzhicms

What is CVE-2020-20124?

References

CVSS V3.1

Timeline