Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jizhicms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38948
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows malicious users to execute arbitrary code via downloading a crafted plugin.
Jizhicms Jizhicms 1.9.5
4.3
CVSSv2
CVE-2020-21228
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows malicious users to arbitrarily add an administrator cookie.
Jizhicms Jizhicms 1.5.1
6.5
CVSSv2
CVE-2020-21483
An arbitrary file upload vulnerability in Jizhicms v1.5 allows malicious users to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
Jizhicms Jizhicms 1.5
NA
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows malicious users to publish an article containing malicious JavaScript scrip...
Jizhicms Jizhicms 2.4.6
6.8
CVSSv2
CVE-2019-17593
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
Jizhicms Jizhicms 1.5.1
NA
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows malicious users to run arbitrary SQL commands via add or edit article page.
Jizhicms Jizhicms 1.9.5
NA
CVE-2023-2927
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The expl...
Jizhicms Jizhicms 2.4.5
7.5
CVSSv2
CVE-2022-27429
Jizhicms v1.9.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
Jizhicms Jizhicms 1.9.5
NA
CVE-2023-50692
File Upload vulnerability in JIZHICMS v.2.5, allows remote malicious user to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
Jizhicms Jizhicms 2.5
NA
CVE-2023-51154
Jizhicms v2.5 exists to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
Jizhicms Jizhicms 2.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »