Vulnerabilities > Jizhicms > Jizhicms > 1.9.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-03 | CVE-2023-38948 | Files or Directories Accessible to External Parties vulnerability in Jizhicms 1.9.5 An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | 7.2 |
2023-02-03 | CVE-2021-36484 | SQL Injection vulnerability in Jizhicms 1.9.5 SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | 9.8 |
2022-04-25 | CVE-2022-27429 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 1.9.5 Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | 7.5 |