Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jizhicms vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2022-31390
Jizhicms v2.2.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
Jizhicms Jizhicms 2.2.5
570
VMScore
CVE-2022-31393
Jizhicms v2.2.5 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
Jizhicms Jizhicms 2.2.5
NA
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows malicious users to publish an article containing malicious JavaScript scrip...
Jizhicms Jizhicms 2.4.6
NA
CVE-2022-44140
Jizhicms v2.3.3 exists to contain a SQL injection vulnerability via the /Member/memberedit.html component.
Jizhicms Jizhicms 2.3.3
NA
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows malicious users to run arbitrary SQL commands via add or edit article page.
Jizhicms Jizhicms 1.9.5
NA
CVE-2023-27234
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows malicious users to arbitrarily make configuration changes within the application.
Jizhicms Jizhicms 2.4.5
NA
CVE-2023-27235
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows malicious users to execute arbitrary code via a crafted phtml file.
Jizhicms Jizhicms 2.4.5
NA
CVE-2023-38948
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows malicious users to execute arbitrary code via downloading a crafted plugin.
Jizhicms Jizhicms 1.9.5
NA
CVE-2022-45278
Jizhicms v2.3.3 exists to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
Jizhicms Jizhicms 2.3.3
NA
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
Jizhicms Jizhicms 2.4.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »