9 matches found
CVE-2026-29840
JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering...
CVE-2026-29840
JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering...
PT-2026-27448
JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting XSS vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering tags but fails to recursively remove dangerous event handlers in other HTML tags such as onerro...
ZhiCms Code Issues Vulnerabilities
ZhiCms is a professional buy-worthy system of ZhiCms community. ZhiCms 4.0 before the version of the code problem vulnerability, the vulnerability stems from app/plug/controller/giftcontroller.php in the existence of unknown parts, through the parameter mylike lead to deserialization...
ZhiCms suffers from SQL injection vulnerability (CNVD-2020-10169)
ZhiCms is a website building system to support the domestic mall Amoy Mall. ZhiCms has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
ZhiCms suffers from SQL injection vulnerability (CNVD-2020-10173)
ZhiCms is a website building system to support the domestic mall Amoy Mall. ZhiCms has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
ZhiCms suffers from SQL injection vulnerability (CNVD-2020-10174)
ZhiCms is a website building system to support the domestic mall Amoy Mall. ZhiCms has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
ZhiCms v1.0.4 SQL Injection Vulnerability in Background gi***.php
ZhiCms is an enterprise building system based on PHP and mysql technology. ZhiCms v1.0.4 background gi.php SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...
ZhiCms V1.0.4 suffers from a command execution vulnerability (CNVD-2019-43081)
ZhiCms is an enterprise building system based on PHP and mysql technology. A code execution vulnerability exists in ZhiCms v1.0.4, which is due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to write a Trojan horse and execute it to obtain...