Unrated severityNVD Advisory· Published Feb 5, 2026· Updated Mar 5, 2026
jizhiCMS 1.6.7 - Arbitrary File Download
CVE-2020-37117
Description
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/48361mitreexploit
- www.vulncheck.com/advisories/jizhicms-arbitrary-file-downloadmitrethird-party-advisory
- www.jizhicms.cnmitreproduct
News mentions
0No linked articles in our index yet.