
28 matches found

Cvelist
added 2026/04/25 11:45 a.m. · 37 views

CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

5.8 CVSS · 0.00253 EPSS
Exploits 0 · References 4
RedhatCVE
added 2026/02/18 1:41 a.m. · 7 views

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...

7.2 CVSS · 5.9 AI score · 0.00336 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2025/12/04 5:32 p.m. · 6 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

7.2 CVSS · 5.3 AI score · 0.00334 EPSS
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-15970

Malware in sbrugna...

8.8 CVSS · 8.5 AI score · 0.00302 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-42708

Malicious code in bioql PyPI...

7.2 CVSS · 7 AI score · 0.00862 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 4:8 a.m. · 11 views

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

7.2 CVSS · 7.7 AI score · 0.00862 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 7:35 p.m. · 8 views

CVE-2021-29334

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html...

8.8 CVSS · 6.9 AI score · 0.00302 EPSS
Exploits 0
ATTACKERKB
added 2023/08/03 4:15 p.m. · 5 views

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

7.2 CVSS · 7.5 AI score · 0.00862 EPSS
Exploits 1 · References 2
NVD
added 2023/08/03 4:15 p.m. · 13 views

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

7.2 CVSS · 7.2 AI score · 0.00862 EPSS
Exploits 1 · References 1
OSV
added 2023/08/03 4:15 p.m. · 15 views

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

7.2 CVSS · 8 AI score
Exploits 0 · References 1
Cvelist
added 2023/08/03 12:0 a.m. · 16 views

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

7.4 AI score · 0.00862 EPSS
Exploits 1 · References 1
Vulnrichment
added 2023/08/03 12:0 a.m. · 14 views

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

7.7 AI score · 0.00862 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/08/03 12:0 a.m. · 4 views

PT-2023-26702 · Jizhicms · Jizhicms

Name of the Vulnerable Software and Affected Versions: jizhi CMS version 1.9.5 Description: The issue concerns an arbitrary file download vulnerability in the /c/PluginsController.php component. This vulnerability allows attackers to execute arbitrary code via downloading a crafted plugin...

7.2 CVSS · 7.3 AI score · 0.00862 EPSS
Exploits 1 · References 4
CVE
added 2023/08/03 12:0 a.m. · 35 views

CVE-2023-38948

CVE-2023-38948 impacts jizhi CMS version 1.9.5, with the vulnerability located in the /c/PluginsController.php component. The issue allows an attacker to achieve arbitrary code execution by downloading a crafted plugin, i.e., an arbitrary file download vulnerability leading to code execution. The...

7.2 CVSS · 7.2 AI score · 0.00862 EPSS
Exploits 1 · References 1 · Affected Software 1
ATTACKERKB
added 2023/05/19 1:15 p.m. · 3 views

CVE-2023-31862

jizhicms v2.4.6 is vulnerable to Cross Site Scripting XSS. The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...

5.4 CVSS · 5.8 AI score · 0.00343 EPSS
Exploits 1 · References 2
CNNVD
added 2023/05/19 12:0 a.m. · 6 views

JIZHICMS cross-site scripting vulnerability

Extreme Networks Technology JIZHICMS Extreme CMS is an open source content management system CMS from China's Extreme Networks Technology. A security vulnerability exists in JIZHICMS version v2.4.6, which stems from the presence of a Cross-Site Scripting Attack XSS vulnerability that allows an...

5.4 CVSS · 5.6 AI score · 0.00343 EPSS
Exploits 1 · References 2
NVD
added 2022/11/23 8:15 p.m. · 19 views

CVE-2021-29334

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html...

8.8 CVSS · 0.00302 EPSS
Exploits 0 · References 1
OSV
added 2022/11/23 8:15 p.m. · 16 views

CVE-2021-29334

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html...

8.8 CVSS · 6.9 AI score
Exploits 0 · References 1
Prion
added 2022/11/23 8:15 p.m. · 14 views

Cross site request forgery (csrf)

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html...

6.8 CVSS · 8.6 AI score · 0.00302 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/11/23 12:0 a.m. · 4 views

JIZHICMS SQL injection vulnerability

Extreme Networks Technology JIZHICMS Extreme CMS is an open source content management system CMS from China's Extreme Networks Technology Company. A SQL injection vulnerability exists in JIZHICMS v2.3.3, which can be exploited by attackers to perform SQL injection via the /Member/memberedit.html...

8.8 CVSS · 8.1 AI score · 0.0072 EPSS
Exploits 1 · References 2