Vulnerabilities > Jizhicms

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-23	CVE-2025-2639	Unspecified vulnerability in Jizhicms A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. network low complexity jizhicms	5.3
2025-03-23	CVE-2025-2638	Unspecified vulnerability in Jizhicms A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. network low complexity jizhicms	5.3
2025-03-23	CVE-2025-2637	Unspecified vulnerability in Jizhicms A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. network low complexity jizhicms	5.3
2024-01-04	CVE-2023-51154	Unspecified vulnerability in Jizhicms 2.5.0 Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. network low complexity jizhicms critical	9.8
2023-12-28	CVE-2023-50692	Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.5 File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. network low complexity jizhicms CWE-434	8.8
2023-10-02	CVE-2023-43836	SQL Injection vulnerability in Jizhicms 2.4.9 There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information network low complexity jizhicms CWE-89	6.5
2023-08-03	CVE-2023-38948	Files or Directories Accessible to External Parties vulnerability in Jizhicms 1.9.5 An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. network low complexity jizhicms CWE-552	7.2
2023-05-27	CVE-2023-2927	Unspecified vulnerability in Jizhicms 2.4.5 A vulnerability was found in JIZHICMS 2.4.5. network low complexity jizhicms critical	9.8
2023-05-19	CVE-2023-31862	Cross-site Scripting vulnerability in Jizhicms 2.4.6 jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). network low complexity jizhicms CWE-79	5.4
2023-03-15	CVE-2023-27234	Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.4.5 A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. network low complexity jizhicms CWE-352	6.5

Vulnerabilities > Jizhicms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jizhicms"}]}

Vulnerabilities > Jizhicms