Jizhicms Security Vulnerabilities and Issues — Jizhicms CVE List

Lucene search

JizhicmsJizhicms

30 matches found

CVE•added 2023/10/02 9:15 p.m.•101 views

CVE-2023-43836

There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information

6.5CVSS6.4AI score0.00058EPSS

CVE•added 2019/10/14 9:15 p.m.•84 views

CVE-2019-17593

JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.

8.8CVSS8.6AI score0.00165EPSS

CVE•added 2022/06/09 2:15 p.m.•71 views

CVE-2022-31390

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

9.1CVSS9.2AI score0.00277EPSS

CVE•added 2022/04/25 1:15 p.m.•69 views

CVE-2022-27429

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

9.8CVSS9.6AI score0.00299EPSS

CVE•added 2025/02/26 3:15 p.m.•65 views

CVE-2025-25785

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.

9.1CVSS6.9AI score0.00053EPSS

CVE•added 2022/06/09 2:15 p.m.•57 views

CVE-2022-31393

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

9.1CVSS9.2AI score0.00277EPSS

CVE•added 2024/04/17 6:15 p.m.•56 views

CVE-2024-32161

jizhiCMS 2.5 suffers from a File upload vulnerability.

9.8CVSS6.9AI score0.00112EPSS

CVE•added 2025/03/23 3:15 a.m.•55 views

CVE-2025-2639

A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been...

5.3CVSS5AI score0.00085EPSS

CVE•added 2025/03/23 2:15 a.m.•53 views

CVE-2025-2638

A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate ...

5.3CVSS4.8AI score0.00063EPSS

CVE•added 2022/11/23 9:15 p.m.•51 views

CVE-2022-45278

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

8.8CVSS9AI score0.00052EPSS

CVE•added 2025/02/26 3:15 p.m.•50 views

CVE-2025-25784

An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.

9.8CVSS7.4AI score0.00258EPSS

CVE•added 2022/08/19 5:15 p.m.•48 views

CVE-2022-36578

jizhicms v2.3.1 has SQL injection in the background.

9.8CVSS9.8AI score0.00083EPSS

CVE•added 2024/04/29 6:15 p.m.•47 views

CVE-2024-33338

Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.

7.3CVSS5.9AI score0.01079EPSS

CVE•added 2024/05/08 1:15 p.m.•47 views

CVE-2024-34255

jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in the message function.

6.1CVSS6.8AI score0.00241EPSS

CVE•added 2025/03/23 12:15 a.m.•47 views

CVE-2025-2637

A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The attac...

5.3CVSS4.7AI score0.00083EPSS

CVE•added 2022/08/19 5:15 p.m.•46 views

CVE-2022-36577

An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.

8.8CVSS8.6AI score0.00094EPSS

CVE•added 2022/11/23 8:15 p.m.•45 views

CVE-2021-29334

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html

8.8CVSS8.6AI score0.00064EPSS

CVE•added 2023/03/15 5:15 a.m.•45 views

CVE-2023-27235

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.

7.2CVSS7.2AI score0.00178EPSS

CVE•added 2022/11/23 8:15 p.m.•41 views

CVE-2022-44140

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.

8.8CVSS9AI score0.00052EPSS

CVE•added 2021/10/01 9:15 p.m.•38 views

CVE-2020-21228

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.

6.1CVSS5.8AI score0.00412EPSS

CVE•added 2023/03/15 5:15 a.m.•38 views

CVE-2023-27234

A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.

6.5CVSS6.5AI score0.00103EPSS

CVE•added 2021/01/11 2:15 p.m.•37 views

CVE-2020-23644

XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2023/05/27 9:15 a.m.•36 views

CVE-2023-2927

A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclo...

9.8CVSS8.1AI score0.00071EPSS

CVE•added 2023/05/19 1:15 p.m.•36 views

CVE-2023-31862

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the reque...

5.4CVSS5.3AI score0.00085EPSS

CVE•added 2021/09/15 10:15 p.m.•35 views

CVE-2020-21483

An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.

7.2CVSS7.2AI score0.00993EPSS

CVE•added 2021/01/11 2:15 p.m.•32 views

CVE-2020-23643

XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2023/12/28 6:15 a.m.•32 views

CVE-2023-50692

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.

8.8CVSS8.8AI score0.0129EPSS

CVE•added 2023/02/03 6:15 p.m.•29 views

CVE-2021-36484

SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.

9.8CVSS9.7AI score0.00056EPSS

CVE•added 2023/08/03 4:15 p.m.•25 views

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

7.2CVSS7.2AI score0.00152EPSS

CVE•added 2024/01/04 7:15 p.m.•23 views

CVE-2023-51154

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.

9.8CVSS9.6AI score0.00091EPSS