CVE-2023-52064

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-52064
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea Third Party Advisory
https://github.com/wuzhicms/wuzhicms/issues/208 Exploit Issue Tracking
https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea Third Party Advisory
https://github.com/wuzhicms/wuzhicms/issues/208 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*
History

05 May 2025, 18:10

Type Values Removed Values Added
CPE cpe:2.3:a:wuzhicms:wuzhi_cms:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*
First Time Wuzhicms wuzhicms

21 Nov 2024, 08:39

Type Values Removed Values Added
References () https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea - Third Party Advisory () https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea - Third Party Advisory
References () https://github.com/wuzhicms/wuzhicms/issues/208 - Exploit, Issue Tracking () https://github.com/wuzhicms/wuzhicms/issues/208 - Exploit, Issue Tracking

17 Jan 2024, 21:08

Type Values Removed Values Added
References
  • () https://gist.github.com/n0Sleeper/544b38c95715b13efadab329692c8aea - Third Party Advisory
References () https://github.com/wuzhicms/wuzhicms/issues/208 - () https://github.com/wuzhicms/wuzhicms/issues/208 - Exploit, Issue Tracking
CWE CWE-89
First Time Wuzhicms wuzhi Cms
Wuzhicms
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:wuzhicms:wuzhi_cms:4.1.0:*:*:*:*:*:*:*

11 Jan 2024, 13:57

Type Values Removed Values Added
Summary
  • (es) Se descubrió que Wuzhicms v4.1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro $keywords en /core/admin/copyfrom.php.

10 Jan 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-10 21:15

Updated : 2025-05-05 18:10

NVD link : CVE-2023-52064

Mitre link : CVE-2023-52064

CVE.ORG link : CVE-2023-52064

JSON object : View

Products Affected

wuzhicms

  • wuzhicms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')