Unrated severityNVD Advisory· Published Feb 5, 2026· Updated Mar 5, 2026
jizhiCMS 1.6.7 - Arbitrary File Download
CVE-2020-37117
Description
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/48361mitreexploit
- www.vulncheck.com/advisories/jizhicms-arbitrary-file-downloadmitrethird-party-advisory
- www.jizhicms.cnmitreproduct
News mentions
0No linked articles in our index yet.