PT-2018-15442 · Wuzhi · Wuzhi Cms

Letmejustdoit

·

Published

2018-12-28

·

Updated

2019-01-09

·

CVE-2018-20572

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WUZHI CMS version 4.1.0
Description The issue allows SQL injection via the keywords parameter in the "index.php?m=promote&f=index&v=search" endpoint.
Recommendations For WUZHI CMS version 4.1.0, avoid using the keywords parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-20572

Affected Products

Wuzhi Cms