Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jizhicms vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2022-31393
Jizhicms v2.2.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
Jizhicms Jizhicms 2.2.5
6.4
CVSSv2
CVE-2022-31390
Jizhicms v2.2.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
Jizhicms Jizhicms 2.2.5
4.3
CVSSv2
CVE-2020-23644
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
Jizhicms Jizhicms 1.7.1
NA
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
Jizhicms Jizhicms 2.4.9
NA
CVE-2023-27234
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows malicious users to arbitrarily make configuration changes within the application.
Jizhicms Jizhicms 2.4.5
NA
CVE-2023-27235
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows malicious users to execute arbitrary code via a crafted phtml file.
Jizhicms Jizhicms 2.4.5
NA
CVE-2023-50692
File Upload vulnerability in JIZHICMS v.2.5, allows remote malicious user to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
Jizhicms Jizhicms 2.5
6.8
CVSSv2
CVE-2019-17593
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
Jizhicms Jizhicms 1.5.1
NA
CVE-2022-45278
Jizhicms v2.3.3 exists to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
Jizhicms Jizhicms 2.3.3
NA
CVE-2022-36577
An issue exists in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
Jizhicms Jizhicms 2.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »