VYPR

Jizhicms

by Jizhicms

CVEs (40)

  • CVE-2023-43836 (Oct 2, 2023)
    risk 0.00 | cvss | epss 0.01

    There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information.

  • CVE-2023-38948 (Aug 3, 2023)
    risk 0.00 | cvss | epss 0.01

    An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

  • CVE-2023-2927 (May 27, 2023)
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The…

  • CVE-2023-31862 (May 19, 2023)
    risk 0.00 | cvss | epss 0.00

    jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by…

  • CVE-2023-27235 (Mar 15, 2023)
    risk 0.00 | cvss | epss 0.01

    An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.

  • CVE-2023-27234 (Mar 15, 2023)
    risk 0.00 | cvss | epss 0.00

    A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.

  • CVE-2021-36484 (Feb 3, 2023)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via the add or edit article page.

  • CVE-2022-45278 (Nov 23, 2022)
    risk 0.00 | cvss | epss 0.01

    Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

  • CVE-2021-29334 (Nov 23, 2022)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html.

  • CVE-2022-44140 (Nov 23, 2022)
    risk 0.00 | cvss | epss 0.01

    Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.

  • CVE-2022-36578 (Aug 19, 2022)
    risk 0.00 | cvss | epss 0.01

    jizhicms v2.3.1 has SQL injection in the background.

  • CVE-2022-36577 (Aug 19, 2022)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin.

  • CVE-2022-31393 (Jun 9, 2022)
    risk 0.00 | cvss | epss 0.01

    Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

  • CVE-2022-31390 (Jun 9, 2022)
    risk 0.00 | cvss | epss 0.01

    Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

  • CVE-2022-27429 (Apr 25, 2022)
    risk 0.00 | cvss | epss 0.01

    Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

  • CVE-2020-21228 (Oct 1, 2021)
    risk 0.00 | cvss | epss 0.01

    JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.

  • CVE-2020-21483 (Sep 15, 2021)
    risk 0.00 | cvss | epss 0.02

    An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.

  • CVE-2020-23644 (Jan 11, 2021)
    risk 0.00 | cvss | epss 0.01

    XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.

  • CVE-2020-23643 (Jan 11, 2021)
    risk 0.00 | cvss | epss 0.01

    XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.

  • CVE-2019-17593 (Oct 14, 2019)
    risk 0.00 | cvss | epss 0.00

    JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.

Page 2 of 2