Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jizhicms
(Jizhicms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-19 | CVE-2022-36577 | An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. | Jizhicms | 8.8 | ||
| 2022-08-19 | CVE-2022-36578 | jizhicms v2.3.1 has SQL injection in the background. | Jizhicms | 9.8 | ||
| 2022-11-23 | CVE-2022-44140 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. | Jizhicms | 8.8 | ||
| 2022-11-23 | CVE-2022-45278 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. | Jizhicms | 8.8 | ||
| 2023-02-03 | CVE-2021-36484 | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | Jizhicms | 9.8 | ||
| 2023-03-15 | CVE-2023-27235 | An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | Jizhicms | 7.2 | ||
| 2023-05-27 | CVE-2023-2927 | A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. | Jizhicms | 9.8 | ||
| 2023-08-03 | CVE-2023-38948 | An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | Jizhicms | 7.2 | ||
| 2023-10-02 | CVE-2023-43836 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information | Jizhicms | 6.5 | ||
| 2023-12-28 | CVE-2023-50692 | File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | Jizhicms | 8.8 |