Vulnerabilities > Jizhicms

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2024-01-04 | CVE-2023-51154 | Unspecified vulnerability in Jizhicms 2.5.0 | Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | network; low complexity; jizhicms; critical; 9.8 |
| 2023-12-28 | CVE-2023-50692 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.5 | A file upload vulnerability in JIZHICMS v.2.5 allows a remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | network; low complexity; jizhicms CWE-434; 8.8 |
| 2023-10-02 | CVE-2023-43836 | SQL Injection vulnerability in Jizhicms 2.4.9 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information. | network; low complexity; jizhicms CWE-89; 6.5 |
| 2023-08-03 | CVE-2023-38948 | Files or Directories Accessible to External Parties vulnerability in Jizhicms 1.9.5 | An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | network; low complexity; jizhicms CWE-552; 7.2 |
| 2023-05-27 | CVE-2023-2927 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.4.5 | A vulnerability was found in JIZHICMS 2.4.5. | network; low complexity; jizhicms CWE-918; critical; 9.8 |
| 2023-05-19 | CVE-2023-31862 | Cross-site Scripting vulnerability in Jizhicms 2.4.6 | jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). | network; low complexity; jizhicms CWE-79; 5.4 |
| 2023-03-15 | CVE-2023-27234 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.4.5 | A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | network; low complexity; jizhicms CWE-352; 6.5 |
| 2023-03-15 | CVE-2023-27235 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.4.5 | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | network; low complexity; jizhicms CWE-434; 7.2 |
| 2023-02-03 | CVE-2021-36484 | SQL Injection vulnerability in Jizhicms 1.9.5 | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via the add or edit article page. | network; low complexity; jizhicms CWE-89; critical; 9.8 |
| 2022-11-23 | CVE-2022-45278 | SQL Injection vulnerability in Jizhicms 2.3.3 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | network; low complexity; jizhicms CWE-89; 8.8 |