Jizhicms: >> Jizhicms >> 2.5.4 Security Vulnerabilities
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-26
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-02-26
Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.
CVSS Score
7.3
EPSS Score
0.011
Published
2024-04-29