Jizhicms: Security Vulnerabilities
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-08-19
jizhicms v2.3.1 has SQL injection in the background.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-19
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-06-09
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-06-09
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-25
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-10-01
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVSS Score
7.2
EPSS Score
0.01
Published
2021-09-15
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-01-11
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-01-11
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-10-14