Information Disclosure Vulnerability in WuzhiCMS by Wuzhi
CVE-2026-15530
Key Information:
Badges
What is CVE-2026-15530?
A vulnerability exists within the Attachment API of WuzhiCMS versions up to 4.1.0, specifically in the config/listimage function of the index.php file. This flaw allows remote attackers to manipulate the API, potentially leading to unauthorized information disclosure. Despite an early report of this issue to the project maintainers, no response has been received, and the exploit has already been made public, raising concerns about the security implications for users of affected installations.
Affected Version(s)
WuzhiCMS 4.0
WuzhiCMS 4.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
