17 matches found
CVE-2025-70397
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter...
CVE-2020-23643
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1=XSS to Home/c/WechatController.php...
CVE-2022-27429
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via /admin.php/Plugins/update.html...
EUVD-2022-39283
Malicious code in bioql PyPI...
EUVD-2022-47090
Malicious code in bioql PyPI...
EUVD-2022-48178
Malicious code in bioql PyPI...
CVE-2023-51154
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php...
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information...
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting XSS. The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...
CVE-2022-45278
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/getfields.html component...
CVE-2022-44140
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component...
PT-2024-25772 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: jizhicms version 2.5.1 Description: The issue is related to a Cross-Site Scripting XSS vulnerability in the message function. This vulnerability allows for the injection of malicious scripts. To prevent exploitation, it is recommended to...
CVE-2023-50692
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the downloadurl parameter in the app/admin/exts/ directory...
PT-2023-23496 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: jizhicms version 2.4.6 Description: The issue allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package, as the content of the article published in the front end is only filtered in the...
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page...
CVE-2022-45278
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/getfields.html component...
CVE-2022-31393
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Index function in app/admin/c/PluginsController.php...