Shodan
Vulnerabilities
Vulnerable Software
Jizhicms:  >> Jizhicms  Security Vulnerabilities
CVE-2025-25784
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-02-26
CVE-2025-25785
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-02-26
CVE-2024-34255
jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in the message function.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-05-08
CVE-2024-33338
Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.
CVSS Score
7.3
EPSS Score
0.013
Published
2024-04-29
CVE-2024-32161
jizhiCMS 2.5 suffers from a File upload vulnerability.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-04-17
CVE-2023-51154
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-01-04
CVE-2023-50692
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
CVSS Score
8.8
EPSS Score
0.018
Published
2023-12-28
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-02
CVE-2023-38948
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03
CVE-2023-2927
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved