Vulnerabilities (CVE)

Filtered by vendor Jizhicms
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27234 1 Jizhicms 1 Jizhicms 2023-03-20 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVE-2023-27235 1 Jizhicms 1 Jizhicms 2023-03-17 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVE-2021-36484 1 Jizhicms 1 Jizhicms 2023-02-09 N/A 9.8 CRITICAL
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
CVE-2022-44140 1 Jizhicms 1 Jizhicms 2022-11-28 N/A 8.8 HIGH
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVE-2021-29334 1 Jizhicms 1 Jizhicms 2022-11-28 N/A 8.8 HIGH
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
CVE-2022-45278 1 Jizhicms 1 Jizhicms 2022-11-28 N/A 8.8 HIGH
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
CVE-2022-36577 1 Jizhicms 1 Jizhicms 2022-08-22 N/A 8.8 HIGH
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin.
CVE-2022-36578 1 Jizhicms 1 Jizhicms 2022-08-22 N/A 9.8 CRITICAL
jizhicms v2.3.1 has SQL injection in the background.
CVE-2022-31390 1 Jizhicms 1 Jizhicms 2022-06-15 6.4 MEDIUM 9.1 CRITICAL
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-31393 1 Jizhicms 1 Jizhicms 2022-06-15 6.4 MEDIUM 9.1 CRITICAL
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVE-2022-27429 1 Jizhicms 1 Jizhicms 2022-05-05 7.5 HIGH 9.8 CRITICAL
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2020-21228 1 Jizhicms 1 Jizhicms 2021-10-07 4.3 MEDIUM 6.1 MEDIUM
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
CVE-2020-21483 1 Jizhicms 1 Jizhicms 2021-09-28 6.5 MEDIUM 7.2 HIGH
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVE-2020-23644 1 Jizhicms 1 Jizhicms 2021-01-13 4.3 MEDIUM 6.1 MEDIUM
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVE-2020-23643 1 Jizhicms 1 Jizhicms 2021-01-13 4.3 MEDIUM 6.1 MEDIUM
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
CVE-2019-17593 1 Jizhicms 1 Jizhicms 2019-10-16 6.8 MEDIUM 8.8 HIGH
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.