7 matches found
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
CVE-2025-25784
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2025-25785
CVE-2025-25785 affects JizhiCMS v2.5.4 through a Server-Side Request Forgery (SSRF) in the c\PluginsController.php component. The vulnerability enables an attacker to initiate an intranet scan via a crafted request. The reported impact is high confidentiality and integrity risk (C/H, I/H) with no...
CVE-2023-39136
An unhandled edge case in the component sanitizedPath of ZipArchive v2.5.4 allows attackers to cause a Denial of Service (DoS) via a crafted zip file...
CVE-2023-33394
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data...
CVE-2023-33394
CVE-2023-33394 affects skycaiji v2.5.4. The issue enables backend Cross Site Scripting (XSS) by processing malicious JSON data, allowing an attacker to inject scripts that run within the backend context. Multiple connected sources confirm the vulnerability class and affected version with no publi...
Remote access vulnerability using File Thingie v2.5.4
!vuln File Thingie v2.5.4 Previous versions may also be affected. !risk Low There are currently just a few website...