Jizhicms

jizhicms

39 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (39)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-38948 1Jizhicms 1Jizhicms Nov 21, 2024 Aug 3, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
CVE-2023-2927 1Jizhicms 1Jizhicms Nov 21, 2024 May 27, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request for...Show more A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.Show less
CVE-2023-31862 1Jizhicms 1Jizhicms Jan 21, 2025 May 19, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to pu...Show more jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.Show less
CVE-2023-27235 1Jizhicms 1Jizhicms Nov 21, 2024 Mar 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVE-2023-27234 1Jizhicms 1Jizhicms Feb 27, 2025 Mar 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVE-2021-36484 1Jizhicms 1Jizhicms Mar 26, 2025 Feb 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
CVE-2022-45278 1Jizhicms 1Jizhicms Apr 25, 2025 Nov 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
CVE-2022-44140 1Jizhicms 1Jizhicms Apr 25, 2025 Nov 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVE-2021-29334 1Jizhicms 1Jizhicms Apr 29, 2025 Nov 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
CVE-2022-36578 1Jizhicms 1Jizhicms Nov 21, 2024 Aug 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 jizhicms v2.3.1 has SQL injection in the background.
CVE-2022-36577 1Jizhicms 1Jizhicms Nov 21, 2024 Aug 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
CVE-2022-31393 1Jizhicms 1Jizhicms Nov 21, 2024 Jun 9, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVE-2022-31390 1Jizhicms 1Jizhicms Nov 21, 2024 Jun 9, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-27429 1Jizhicms 1Jizhicms Nov 21, 2024 Apr 25, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2020-21228 1Jizhicms 1Jizhicms Nov 21, 2024 Oct 1, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
CVE-2020-21483 1Jizhicms 1Jizhicms Nov 21, 2024 Sep 15, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVE-2020-23644 1Jizhicms 1Jizhicms Nov 21, 2024 Jan 11, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVE-2020-23643 1Jizhicms 1Jizhicms Nov 21, 2024 Jan 11, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
CVE-2019-17593 1Jizhicms 1Jizhicms Nov 21, 2024 Oct 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.