Vulmon
jizhicms vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-36578
jizhicms v2.3.1 has SQL injection in the background.
Jizhicms Jizhicms 2.3.1
9.8
CVSSv3
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows malicious users to run arbitrary SQL commands via add or edit article page.
Jizhicms Jizhicms 1.9.5
7.2
CVSSv3
CVE-2020-21483
An arbitrary file upload vulnerability in Jizhicms v1.5 allows malicious users to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
Jizhicms Jizhicms 1.5
9.8
CVSSv3
CVE-2023-51154
Jizhicms v2.5 contains an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
Jizhicms Jizhicms 2.5.0
9.8
CVSSv3
CVE-2022-27429
Jizhicms v1.9.5 contains a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
Jizhicms Jizhicms 1.9.5
6.1
CVSSv3
CVE-2020-23643
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
Jizhicms Jizhicms 1.7.1
9.1
CVSSv3
CVE-2022-31390
Jizhicms v2.2.5 contains a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
Jizhicms Jizhicms 2.2.5
9.1
CVSSv3
CVE-2022-31393
Jizhicms v2.2.5 contains a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
Jizhicms Jizhicms 2.2.5
5.4
CVSSv3
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows malicious users to publish an article containing malicious JavaScript scrip...
Jizhicms Jizhicms 2.4.6
8.8
CVSSv3
CVE-2023-50692
File upload vulnerability in JIZHICMS v.2.5 allows a remote malicious user to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
Jizhicms Jizhicms 2.5