CVE-2023-52064 is a critical SQL injection vulnerability identified in Wuzhicms version 4.1.0. The vulnerability exists in the handling of the $keywords parameter within the /core/admin/copyfrom.php script. SQL injection (CWE-89) vulnerabilities allow attackers to inject malicious SQL statements into an application's database query, potentially leading to unauthorized data access, data modification, or even full system compromise. This particular vulnerability has a CVSS 3.1 base score of 9.8, indicating a critical severity level. The vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H shows that the attack can be performed remotely over the network without any authentication or user interaction, with low attack complexity. The impact on confidentiality, integrity, and availability is high, meaning an attacker could fully compromise the affected system’s database, extract sensitive information, alter or delete data, and disrupt service availability. Although no known exploits are currently reported in the wild, the nature of the vulnerability and its critical rating suggest it is a high-value target for attackers. The lack of vendor or product information beyond Wuzhicms v4.1.0 limits detailed vendor-specific analysis, but the vulnerability is clearly within a CMS administrative component, which is typically accessible only to authenticated users. However, the CVSS vector indicates no privileges or user interaction are required, implying the vulnerable endpoint may be exposed or insufficiently protected. This vulnerability demands immediate attention to prevent potential exploitation.

For European organizations using Wuzhicms 4.1.0, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized access to sensitive data, including personal data protected under GDPR, resulting in severe regulatory and reputational consequences. The ability to alter or delete data threatens business continuity and data integrity, potentially disrupting operations. Since the vulnerability requires no authentication or user interaction, attackers can remotely exploit it without insider access, increasing the threat surface. Organizations in sectors such as government, healthcare, finance, and e-commerce, which often rely on CMS platforms for content management and data storage, are particularly at risk. The exposure of administrative endpoints to the internet without adequate protections could facilitate attacks. Additionally, the potential for full system compromise could enable attackers to pivot within networks, leading to broader organizational impacts. The absence of known exploits in the wild currently provides a window for mitigation, but the critical severity score underscores the urgency of patching or applying mitigations.

1. Immediate action should be taken to update Wuzhicms to a version where this vulnerability is patched; if no patch is available, consider disabling or restricting access to the /core/admin/copyfrom.php endpoint. 2. Implement strict input validation and parameterized queries to prevent SQL injection attacks, especially on the $keywords parameter. 3. Restrict access to administrative interfaces using network-level controls such as VPNs, IP whitelisting, or web application firewalls (WAFs) configured to detect and block SQL injection attempts. 4. Conduct thorough code reviews and security audits of custom CMS components to identify and remediate similar vulnerabilities. 5. Monitor logs for suspicious activity targeting the vulnerable endpoint and implement intrusion detection systems (IDS) to alert on potential exploitation attempts. 6. Educate administrators and developers on secure coding practices and the importance of timely patching. 7. If immediate patching is not feasible, consider deploying virtual patching via WAF rules specifically targeting SQL injection patterns on the affected parameter.