Jizhicms v2.5 exists to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
jizhicms jizhicms 2.5.0