Jizhicms Security Vulnerabilities
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of an article published from the front end is filtered only in the front end and not in the back end, which allows attackers to publish an article containing malicious JavaScript by modifying the request packet.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-05-19
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2023-03-15
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-03-15
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via the add or edit article page.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-02-03
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-11-23
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-11-23
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-11-23
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-08-19
jizhicms v2.3.1 has SQL injection in the back end.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-08-19
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2022-06-09

