Vulnerabilities > Jizhicms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2021-29334 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 1.9.4 An issue was discovered in JIZHI CMS 1.9.4. | 8.8 |
| 2022-11-23 | CVE-2022-44140 | SQL Injection vulnerability in Jizhicms 2.3.3 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | 8.8 |
| 2022-08-19 | CVE-2022-36577 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.3.1 An issue was discovered in jizhicms v2.3.1. | 8.8 |
| 2022-08-19 | CVE-2022-36578 | SQL Injection vulnerability in Jizhicms 2.3.1 jizhicms v2.3.1 has SQL injection in the background. | 9.8 |
| 2022-06-09 | CVE-2022-31390 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | 9.1 |
| 2022-06-09 | CVE-2022-31393 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. | 9.1 |
| 2022-04-25 | CVE-2022-27429 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 1.9.5 Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | 9.8 |
| 2021-10-01 | CVE-2020-21228 | Cross-site Scripting vulnerability in Jizhicms 1.5.1 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 6.1 |
| 2021-09-15 | CVE-2020-21483 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 1.5 An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | 7.2 |
| 2021-01-11 | CVE-2020-23644 | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | 6.1 |