PT-2021-10367 · Wuzhicms · Wuzhi Cms

Ppsoft1990 · Published 2021-09-21 · Updated 2021-10-01 · CVE-2020-19551

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WUZHI CMS versions up to and including 4.1.0
Description: A blacklist bypass issue exists in the common.func.php file, which can lead to remote code execution when a file is uploaded.
Recommendations: For WUZHI CMS versions up to and including 4.1.0, consider disabling the upload functionality in common.func.php until a patch is available. Restrict access to the common.func.php file to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-19551

Affected Products

Wuzhi Cms