CVE-2025-0480

Name of the Vulnerable Software and Affected Versions wuzhicms version 4.1.0

Description A problematic issue has been found in the function test of the file coreframe/app/search/admin/config.php. The manipulation of the sphinxhost/sphinxport argument leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For wuzhicms version 4.1.0, as a temporary workaround, consider restricting access to the config.php file in the coreframe/app/search/admin directory until a patch is available. Avoid using the sphinxhost and sphinxport arguments in the affected function test to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.