Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jizhicms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-2927
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The expl...
Jizhicms Jizhicms 2.4.5
8.8
CVSSv3
CVE-2021-29334
An issue exists in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
Jizhicms Jizhicms 1.9.4
6.1
CVSSv3
CVE-2020-21228
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows malicious users to arbitrarily add an administrator cookie.
Jizhicms Jizhicms 1.5.1
8.8
CVSSv3
CVE-2019-17593
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
Jizhicms Jizhicms 1.5.1
7.2
CVSSv3
CVE-2023-38948
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows malicious users to execute arbitrary code via downloading a crafted plugin.
Jizhicms Jizhicms 1.9.5
6.5
CVSSv3
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
Jizhicms Jizhicms 2.4.9
6.5
CVSSv3
CVE-2023-27234
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows malicious users to arbitrarily make configuration changes within the application.
Jizhicms Jizhicms 2.4.5
7.2
CVSSv3
CVE-2023-27235
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows malicious users to execute arbitrary code via a crafted phtml file.
Jizhicms Jizhicms 2.4.5
6.1
CVSSv3
CVE-2020-23644
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
Jizhicms Jizhicms 1.7.1
8.8
CVSSv3
CVE-2022-36577
An issue exists in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
Jizhicms Jizhicms 2.3.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »