Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component...
9.8CVSS
7.9AI Score
0.001EPSS
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/...
8.8CVSS
8.4AI Score
0.001EPSS
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database...
6.5CVSS
6.6AI Score
0.0005EPSS
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted...
7.2CVSS
7.2AI Score
0.001EPSS
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...
9.8CVSS
9.5AI Score
0.001EPSS
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the...
5.4CVSS
5.4AI Score
0.001EPSS
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml...
7.2CVSS
7.2AI Score
0.001EPSS
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the...
6.5CVSS
6.5AI Score
0.001EPSS
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article...
9.8CVSS
9.8AI Score
0.001EPSS
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html...
8.8CVSS
9AI Score
0.001EPSS
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index,...
8.8CVSS
8.6AI Score
0.001EPSS
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html...
8.8CVSS
9AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a...
8.8CVSS
8.6AI Score
0.001EPSS
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in...
9.1CVSS
9.2AI Score
0.002EPSS
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in...
9.1CVSS
9.2AI Score
0.002EPSS
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via...
9.8CVSS
9.5AI Score
0.002EPSS
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator...
6.1CVSS
6AI Score
0.001EPSS
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP...
7.2CVSS
8.2AI Score
0.001EPSS
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to...
6.1CVSS
6.4AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.001EPSS
8.8CVSS
7.4AI Score
0.001EPSS