Love71

**Name of the Vulnerable Software and Affected Versions** WUZHI CMS version 4.1.0 **Description** The issue is related to SQL Injection, which can be exploited via the `/api/sms check.php` API endpoint with a `param` variable. **Recommendations** For WUZHI CMS version 4.1.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.