CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-6978

CVE-2026-6978 affects JiZhiCMS versions up to 2.5.6. The vulnerability is in the htmlspecialchars_decode usage in /index.php/admins/Sys/addcache.html, where manipulation of the sqls parameter enables SQL injection. The flaw allows remote exploitation, and the exploit is publicly available. The ve...

CVE-2018-19083

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialcharsdecode function via the /?/publish/ajax/publishquestion/ questioncontent parameter...

Default configuration

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialcharsdecode function via the /?/publish/ajax/publishquestion/ questioncontent parameter...

CVE-2018-19083

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialcharsdecode function via the /?/publish/ajax/publishquestion/ questioncontent parameter...

CVE-2018-19083

WeCenter versions 3.2.0–3.2.2 contain a cross‑site scripting (XSS) vulnerability in the template views/default/question/index.tpl.html where htmlspecialchars_decode is applied to the question_content parameter passed via /?/publish/ajax/publish_question/. The CVE entry specifies the affected comp...