Jizhicms: >> Jizhicms >> 2.4.5 Security Vulnerabilities
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-05-27
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-03-15
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-15