Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3292 | 1 Jizhicms | 1 Jizhicms | 2026-02-27 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2020-37117 | 1 Jizhicms | 1 Jizhicms | 2026-02-24 | N/A | 8.8 HIGH |
|
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
|
|||||
| CVE-2025-14012 | 1 Jizhicms | 1 Jizhicms | 2026-02-24 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-14011 | 1 Jizhicms | 1 Jizhicms | 2026-02-24 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-70397 | 1 Jizhicms | 1 Jizhicms | 2026-02-19 | N/A | 7.2 HIGH |
|
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
|
|||||
| CVE-2025-14013 | 1 Jizhicms | 1 Jizhicms | 2025-12-10 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-51154 | 1 Jizhicms | 1 Jizhicms | 2025-06-18 | N/A | 9.8 CRITICAL |
|
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
|
|||||
| CVE-2024-34255 | 1 Jizhicms | 1 Jizhicms | 2025-06-13 | N/A | 6.1 MEDIUM |
|
jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in the message function.
|
|||||
| CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2025-04-29 | N/A | 8.8 HIGH |
|
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
|
|||||
| CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
|
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
|
|||||
| CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
|
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
|
|||||
| CVE-2024-33338 | 1 Jizhicms | 1 Jizhicms | 2025-04-23 | N/A | 7.3 HIGH |
|
Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.
|
|||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | N/A | 9.8 CRITICAL |
|
jizhiCMS 2.5 suffers from a File upload vulnerability.
|
|||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | N/A | 8.8 HIGH |
|
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
|
|||||
| CVE-2025-25784 | 1 Jizhicms | 1 Jizhicms | 2025-04-10 | N/A | 9.8 CRITICAL |
|
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.
|
|||||
| CVE-2025-25785 | 1 Jizhicms | 1 Jizhicms | 2025-04-10 | N/A | 9.1 CRITICAL |
|
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
|
|||||
| CVE-2025-2638 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2637 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2639 | 1 Jizhicms | 1 Jizhicms | 2025-03-28 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2025-03-26 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
|
|||||
| CVE-2023-27234 | 1 Jizhicms | 1 Jizhicms | 2025-02-27 | N/A | 6.5 MEDIUM |
|
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
|
|||||
| CVE-2023-31862 | 1 Jizhicms | 1 Jizhicms | 2025-01-21 | N/A | 5.4 MEDIUM |
|
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.
|
|||||
| CVE-2023-43836 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
|
|||||
| CVE-2023-38948 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 7.2 HIGH |
|
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
|
|||||
| CVE-2023-2927 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 7.2 HIGH |
|
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
|
|||||
| CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
jizhicms v2.3.1 has SQL injection in the background.
|
|||||
| CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
|
|||||
| CVE-2022-31393 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
|
|||||
| CVE-2022-31390 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
|
|||||
| CVE-2022-27429 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
|
|||||
| CVE-2020-23644 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
|
|||||
| CVE-2020-23643 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
|
|||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
|
|||||
| CVE-2020-21228 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
|
|||||
| CVE-2019-17593 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
|
|||||