Jizhicms CVEs and Security Vulnerabilities

Filtered by vendor Jizhicms Subscriptions

Search

Switch to Advanced Search (Beta)

Total 33 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-43836	1 Jizhicms	1 Jizhicms	2024-11-21	6.5 Medium
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
CVE-2023-38948	1 Jizhicms	1 Jizhicms	2024-11-21	7.2 High
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
CVE-2023-2927	1 Jizhicms	1 Jizhicms	2024-11-21	6.3 Medium
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.
CVE-2022-36578	1 Jizhicms	1 Jizhicms	2024-11-21	9.8 Critical
jizhicms v2.3.1 has SQL injection in the background.
CVE-2022-36577	1 Jizhicms	1 Jizhicms	2024-11-21	8.8 High
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
CVE-2022-31393	1 Jizhicms	1 Jizhicms	2024-11-21	9.1 Critical
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVE-2022-31390	1 Jizhicms	1 Jizhicms	2024-11-21	9.1 Critical
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-27429	1 Jizhicms	1 Jizhicms	2024-11-21	9.8 Critical
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2020-23644	1 Jizhicms	1 Jizhicms	2024-11-21	6.1 Medium
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVE-2020-23643	1 Jizhicms	1 Jizhicms	2024-11-21	6.1 Medium
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
CVE-2020-21483	1 Jizhicms	1 Jizhicms	2024-11-21	7.2 High
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVE-2020-21228	1 Jizhicms	1 Jizhicms	2024-11-21	6.1 Medium
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
CVE-2019-17593	1 Jizhicms	1 Jizhicms	2024-11-21	8.8 High
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.

« first previous Page 2 of 2.