Medium severity4.7NVD Advisory· Published Dec 4, 2025· Updated Apr 29, 2026
CVE-2025-14011
CVE-2025-14011
Description
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/24-2021/vul2/blob/main/jizhicms%3DV2.5.5-addcomment.html-aid%20parameter-SQL%20injection/jizhicms-addcomment.html-aid%20parameter-SQL%20injection.mdnvdExploitThird Party Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.