CVE-2021-41654

Name of the Vulnerable Software and Affected Versions Wuzhicms version 4.1.0

Description The issue allows attackers to execute arbitrary SQL commands via the keyValue parameter in the "/coreframe/app/pay/admin/index.php" API endpoint. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification.

Recommendations For Wuzhicms version 4.1.0, consider restricting access to the /coreframe/app/pay/admin/index.php API endpoint until a patch is available. As a temporary workaround, avoid using the keyValue parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.