Vulnerabilities > Jizhicms > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-04 CVE-2023-51154 Unspecified vulnerability in Jizhicms 2.5.0
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
network
low complexity
jizhicms
critical
 9.8
9.8
2023-05-27 CVE-2023-2927 Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.4.5
A vulnerability was found in JIZHICMS 2.4.5.
network
low complexity
jizhicms CWE-918
critical
 9.8
9.8
2023-02-03 CVE-2021-36484 SQL Injection vulnerability in Jizhicms 1.9.5
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
network
low complexity
jizhicms CWE-89
critical
 9.8
9.8