Lucene search

PRIOn knowledge basePRION:CVE-2023-50692

HistoryDec 28, 2023 - 6:15 a.m.

Unrestricted file upload

2023-12-2806:15:00

PRIOn knowledge base

www.prio-n.com

file upload

vulnerability

arbitrary code

remote attacker

crafted file

download url

injection

jizhicms

nvd.

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.2%

JSON

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.

CPENameOperatorVersion
jizhicmseq2.5

CPE	Name	Operator	Version
	jizhicms	eq	2.5

References

github.com/Cherry-toto/jizhicms/issues/91