Product:

Jizhicms

(Jizhicms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 22
Date Id Summary Products Score Patch Annotated
2022-11-23 CVE-2022-44140 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component. Jizhicms 8.8
2022-11-23 CVE-2022-45278 Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. Jizhicms 8.8
2022-08-19 CVE-2022-36577 An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin. Jizhicms 8.8
2022-08-19 CVE-2022-36578 jizhicms v2.3.1 has SQL injection in the background. Jizhicms 9.8
2022-06-09 CVE-2022-31390 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. Jizhicms 9.1
2022-06-09 CVE-2022-31393 Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. Jizhicms 9.1
2022-04-25 CVE-2022-27429 Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. Jizhicms 9.8
2021-10-01 CVE-2020-21228 JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. Jizhicms 6.1
2021-09-15 CVE-2020-21483 An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. Jizhicms 7.2
2021-01-11 CVE-2020-23644 XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. Jizhicms 6.1