Shodan
Vulnerabilities
Vulnerable Software
Jizhicms:  Security Vulnerabilities
CVE-2024-32161
jizhiCMS 2.5 suffers from a File upload vulnerability.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-04-17
CVE-2023-51154
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-01-04
CVE-2023-50692
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
CVSS Score
8.8
EPSS Score
0.018
Published
2023-12-28
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-02
CVE-2023-38948
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03
CVE-2023-2927
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-27
CVE-2023-31862
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-19
CVE-2023-27235
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-03-15
CVE-2023-27234
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-15
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved