SQL Injection Vulnerability in Wuzhicms Product by Wuzhicms
CVE-2022-27431

9.8CRITICAL

Key Information:

Vendor: Wuzhicms
Status: Wuzhi Cms
Vendor: CVE Published:; 4 May 2022

What is CVE-2022-27431?

A SQL injection flaw has been identified in Wuzhicms v4.1.0, allowing attackers to manipulate SQL queries by exploiting the groupid parameter found at /coreframe/app/member/admin/group.php. This vulnerability can lead to unauthorized access to sensitive database information, potentially compromising the integrity of the application and the data it handles. It's crucial for administrators to apply patches and security updates to mitigate this risk.

References

https://github.com/wuzhicms/wuzhicms/issues/200

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2022
Vulnerability Reserved
Mar 21, 2022