Vulnerabilities > Jizhicms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-02 | CVE-2023-43836 | SQL Injection vulnerability in Jizhicms 2.4.9 There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | 6.5 |
| 2023-05-19 | CVE-2023-31862 | Cross-site Scripting vulnerability in Jizhicms 2.4.6 jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). | 5.4 |
| 2023-03-15 | CVE-2023-27234 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.4.5 A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | 6.5 |
| 2022-06-09 | CVE-2022-31390 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | 6.4 |
| 2022-06-09 | CVE-2022-31393 | Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. | 6.4 |
| 2021-10-01 | CVE-2020-21228 | Cross-site Scripting vulnerability in Jizhicms 1.5.1 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | 4.3 |
| 2021-09-15 | CVE-2020-21483 | Unrestricted Upload of File with Dangerous Type vulnerability in Jizhicms 1.5 An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | 6.5 |
| 2021-01-11 | CVE-2020-23644 | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | 4.3 |
| 2021-01-11 | CVE-2020-23643 | Cross-site Scripting vulnerability in Jizhicms 1.7.1 XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | 4.3 |
| 2019-10-14 | CVE-2019-17593 | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 1.5.1 JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. | 6.8 |