PT-2018-12541 · Wuzhi · Wuzhi Cms
Published: 2018-07-20 · Updated: 2018-09-14
CVE-2018-14472
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WUZHI CMS version 4.1.0
Description
An issue was discovered in the coreframe/app/order/admin/goods.php file, where the keywords parameter is passed directly into SQL execution without filtering, leading to SQL injection.
Recommendations
For WUZHI CMS version 4.1.0, consider filtering or sanitizing the keywords parameter to prevent SQL injection until a patch is available. As a temporary workaround, restrict access to the goods.php file in the coreframe/app/order/admin directory to minimize the risk of exploitation.
SQL injection
Affected Products
Wuzhi Cms