CVE-2025-3563

Name of the Vulnerable Software and Affected Versions: WuzhiCMS version 4.1

Description: A critical issue was found in the Setting Handler component, specifically in the function Set of the file /index.php?m=attachment&f=index& su=wuzhicms&v=set&submit=1. The manipulation of the Setting argument leads to code injection. This issue can be exploited remotely.

Recommendations: For WuzhiCMS version 4.1, as a temporary workaround, consider disabling the Set function in the Setting Handler component until a patch is available. Restrict access to the /index.php?m=attachment&f=index& su=wuzhicms&v=set&submit=1 endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.