Vulnerabilities > Jizhicms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-03-15 | CVE-2023-27235 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 2.4.5 | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | network, low complexity, jizhicms, CWE-434 | 7.2 |
| 2023-02-03 | CVE-2021-36484 | SQL Injection vulnerability in Jizhicms 1.9.5 | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | network, low complexity, jizhicms, CWE-89 | critical, 9.8 |
| 2022-11-23 | CVE-2022-45278 | SQL Injection vulnerability in Jizhicms 2.3.3 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | network, low complexity, jizhicms, CWE-89 | 8.8 |
| 2022-11-23 | CVE-2021-29334 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 1.9.4 | An issue was discovered in JIZHI CMS 1.9.4. | network, low complexity, jizhicms, CWE-352 | 8.8 |
| 2022-11-23 | CVE-2022-44140 | SQL Injection vulnerability in Jizhicms 2.3.3 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | network, low complexity, jizhicms, CWE-89 | 8.8 |
| 2022-08-19 | CVE-2022-36577 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.3.1 | An issue was discovered in jizhicms v2.3.1. | network, low complexity, jizhicms, CWE-352 | 8.8 |
| 2022-08-19 | CVE-2022-36578 | SQL Injection vulnerability in Jizhicms 2.3.1 | jizhicms v2.3.1 has SQL injection in the background. | network, low complexity, jizhicms, CWE-89 | critical, 9.8 |
| 2022-06-09 | CVE-2022-31390 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5 | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | network, low complexity, jizhicms, CWE-918 | critical, 9.1 |
| 2022-06-09 | CVE-2022-31393 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5 | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. | network, low complexity, jizhicms, CWE-918 | critical, 9.1 |
| 2022-04-25 | CVE-2022-27429 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 1.9.5 | Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | network, low complexity, jizhicms, CWE-918 | critical, 9.8 |