Filtered by vendor Jizhicms
Total: 33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14013 | 1 Jizhicms | 1 Jizhicms | 2025-12-05 | 2.4 Low |
| A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross-site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14012 | 1 Jizhicms | 1 Jizhicms | 2025-12-05 | 4.7 Medium |
| A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing manipulation can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14011 | 1 Jizhicms | 1 Jizhicms | 2025-12-05 | 4.7 Medium |
| A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing manipulation of the argument aid/tid results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-51154 | 1 Jizhicms | 1 Jizhicms | 2025-06-18 | 9.8 Critical |
| Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | ||||
| CVE-2024-34255 | 1 Jizhicms | 1 Jizhicms | 2025-06-13 | 6.1 Medium |
| jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function. | ||||
| CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2025-04-29 | 8.8 High |
| An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | ||||
| CVE-2022-45278 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | 8.8 High |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | ||||
| CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | 8.8 High |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | ||||
| CVE-2024-33338 | 1 Jizhicms | 1 Jizhicms | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | ||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | 9.8 Critical |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | ||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | 8.8 High |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | ||||
| CVE-2025-25784 | 1 Jizhicms | 1 Jizhicms | 2025-04-10 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file. | ||||
| CVE-2025-25785 | 1 Jizhicms | 1 Jizhicms | 2025-04-10 | 9.1 Critical |
| JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request. | ||||
| CVE-2025-2638 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2637 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2639 | 1 Jizhicms | 1 Jizhicms | 2025-03-28 | 4.3 Medium |
| A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2025-03-26 | 9.8 Critical |
| SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | ||||
| CVE-2023-27234 | 1 Jizhicms | 1 Jizhicms | 2025-02-27 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | ||||
| CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2025-02-27 | 7.2 High |
| An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | ||||
| CVE-2023-31862 | 1 Jizhicms | 1 Jizhicms | 2025-01-21 | 5.4 Medium |
| jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package. | ||||