Vulnerabilities > Jizhicms

DATE CVE VULNERABILITY TITLE RISK
2024-01-04 CVE-2023-51154 Unspecified vulnerability in Jizhicms 2.5.0
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
network
low complexity
jizhicms
critical
9.8
2023-12-28 CVE-2023-50692 Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.5
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
network
low complexity
jizhicms CWE-434
8.8
2023-10-02 CVE-2023-43836 SQL Injection vulnerability in Jizhicms 2.4.9
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
network
low complexity
jizhicms CWE-89
6.5
2023-08-03 CVE-2023-38948 Files or Directories Accessible to External Parties vulnerability in Jizhicms 1.9.5
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
network
low complexity
jizhicms CWE-552
7.2
2023-05-27 CVE-2023-2927 Unspecified vulnerability in Jizhicms 2.4.5
A vulnerability was found in JIZHICMS 2.4.5.
network
low complexity
jizhicms
critical
9.8
2023-05-19 CVE-2023-31862 Cross-site Scripting vulnerability in Jizhicms 2.4.6
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
jizhicms CWE-79
5.4
2023-03-15 CVE-2023-27234 Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.4.5
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
network
low complexity
jizhicms CWE-352
6.5
2023-03-15 CVE-2023-27235 Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.4.5
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
network
low complexity
jizhicms CWE-434
7.2
2023-02-03 CVE-2021-36484 SQL Injection vulnerability in Jizhicms 1.9.5
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
network
low complexity
jizhicms CWE-89
critical
9.8
2022-11-23 CVE-2022-45278 SQL Injection vulnerability in Jizhicms 2.3.3
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
network
low complexity
jizhicms CWE-89
8.8