CVE-2023-52064

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wuzhicms:wuzhi_cms:4.1.0:*:*:*:*:*:*:*

History

17 Jan 2024, 21:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:wuzhicms:wuzhi_cms:4.1.0:*:*:*:*:*:*:*
CWE CWE-89
First Time Wuzhicms
Wuzhicms wuzhi Cms
References () https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea - () https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea - Third Party Advisory
References () https://github.com/wuzhicms/wuzhicms/issues/208 - () https://github.com/wuzhicms/wuzhicms/issues/208 - Exploit, Issue Tracking

12 Jan 2024, 13:15

Type Values Removed Values Added
References
  • () https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea -

11 Jan 2024, 13:57

Type Values Removed Values Added
Summary
  • (es) Se descubrió que Wuzhicms v4.1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro $keywords en /core/admin/copyfrom.php.

10 Jan 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 21:15

Updated : 2024-01-17 21:08


NVD link : CVE-2023-52064

Mitre link : CVE-2023-52064

CVE.ORG link : CVE-2023-52064


JSON object : View

Products Affected

wuzhicms

  • wuzhi_cms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')