PT-2023-11551 · Wuzhicms · Wuzhi Cms

Supersalsa20

·

Publicado

2023-06-20

·

Atualizado

2024-12-10

·

CVE-2020-20413

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WUZHICMS version 4.1.0
Description A SQL injection issue allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
Recommendations For WUZHICMS version 4.1.0, consider disabling the checktitle() function in admin/content.php as a temporary workaround until a patch is available. Restrict access to the admin/content.php file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2020-20413

Produtos afetados

Wuzhi Cms