CVE-2024-10505

Name of the Vulnerable Software and Affected Versions wuzhicms version 4.1.0

Description A critical issue has been found, affecting the add/edit function of the file www/coreframe/app/content/admin/block.php. This leads to code injection and can be exploited remotely. The issue has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For wuzhicms version 4.1.0, consider disabling the add/edit function in the www/coreframe/app/content/admin/block.php file as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.