Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jizhicms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-27429
Jizhicms v1.9.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
Jizhicms Jizhicms 1.9.5
6.8
CVSSv2
CVE-2019-17593
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
Jizhicms Jizhicms 1.5.1
6.5
CVSSv2
CVE-2020-21483
An arbitrary file upload vulnerability in Jizhicms v1.5 allows malicious users to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
Jizhicms Jizhicms 1.5
6.4
CVSSv2
CVE-2022-31390
Jizhicms v2.2.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
Jizhicms Jizhicms 2.2.5
6.4
CVSSv2
CVE-2022-31393
Jizhicms v2.2.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
Jizhicms Jizhicms 2.2.5
4.3
CVSSv2
CVE-2020-21228
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows malicious users to arbitrarily add an administrator cookie.
Jizhicms Jizhicms 1.5.1
4.3
CVSSv2
CVE-2020-23643
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
Jizhicms Jizhicms 1.7.1
4.3
CVSSv2
CVE-2020-23644
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
Jizhicms Jizhicms 1.7.1
NA
CVE-2024-34255
jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in the message function.
NA
CVE-2024-33338
Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote malicious user to obtain sensitive information via a crafted article publication request.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »