Vulnerabilities > Jizhicms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-04 | CVE-2023-51154 | Unspecified vulnerability in Jizhicms 2.5.0 Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | 9.8 |
2023-12-28 | CVE-2023-50692 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.5 File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | 8.8 |
2023-10-02 | CVE-2023-43836 | SQL Injection vulnerability in Jizhicms 2.4.9 There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | 6.5 |
2023-08-03 | CVE-2023-38948 | Files or Directories Accessible to External Parties vulnerability in Jizhicms 1.9.5 An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | 7.2 |
2023-05-27 | CVE-2023-2927 | Unspecified vulnerability in Jizhicms 2.4.5 A vulnerability was found in JIZHICMS 2.4.5. | 9.8 |
2023-05-19 | CVE-2023-31862 | Cross-site Scripting vulnerability in Jizhicms 2.4.6 jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
2023-03-15 | CVE-2023-27234 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.4.5 A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | 6.5 |
2023-03-15 | CVE-2023-27235 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.4.5 An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | 7.2 |
2023-02-03 | CVE-2021-36484 | SQL Injection vulnerability in Jizhicms 1.9.5 SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | 9.8 |
2022-11-23 | CVE-2022-45278 | SQL Injection vulnerability in Jizhicms 2.3.3 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | 8.8 |