Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27234 | 1 Jizhicms | 1 Jizhicms | 2023-03-20 | N/A | 6.5 MEDIUM |
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | |||||
CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2023-03-17 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | |||||
CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2023-02-09 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | |||||
CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2022-11-28 | N/A | 8.8 HIGH |
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | |||||
CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2022-11-28 | N/A | 8.8 HIGH |
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | |||||
CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2022-11-28 | N/A | 8.8 HIGH |
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | |||||
CVE-2022-36577 | 1 Jizhicms | 1 Jizhicms | 2022-08-22 | N/A | 8.8 HIGH |
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. | |||||
CVE-2022-36578 | 1 Jizhicms | 1 Jizhicms | 2022-08-22 | N/A | 9.8 CRITICAL |
jizhicms v2.3.1 has SQL injection in the background. | |||||
CVE-2022-31390 | 1 Jizhicms | 1 Jizhicms | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | |||||
CVE-2022-31393 | 1 Jizhicms | 1 Jizhicms | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. | |||||
CVE-2022-27429 | 1 Jizhicms | 1 Jizhicms | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL |
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | |||||
CVE-2020-21228 | 1 Jizhicms | 1 Jizhicms | 2021-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | |||||
CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2021-09-28 | 6.5 MEDIUM | 7.2 HIGH |
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | |||||
CVE-2020-23644 | 1 Jizhicms | 1 Jizhicms | 2021-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | |||||
CVE-2020-23643 | 1 Jizhicms | 1 Jizhicms | 2021-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | |||||
CVE-2019-17593 | 1 Jizhicms | 1 Jizhicms | 2019-10-16 | 6.8 MEDIUM | 8.8 HIGH |
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. |