Filtered by vendor Jizhicms Subscriptions
Filtered by product Jizhicms Subscriptions
Total 23 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-32161 1 Jizhicms 1 Jizhicms 2024-11-21 9.8 Critical
jizhiCMS 2.5 suffers from a File upload vulnerability.
CVE-2023-51154 1 Jizhicms 1 Jizhicms 2024-11-21 9.8 Critical
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
CVE-2023-50692 1 Jizhicms 1 Jizhicms 2024-11-21 8.8 High
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
CVE-2023-43836 1 Jizhicms 1 Jizhicms 2024-11-21 6.5 Medium
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
CVE-2023-38948 1 Jizhicms 1 Jizhicms 2024-11-21 7.2 High
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
CVE-2023-31862 1 Jizhicms 1 Jizhicms 2024-11-21 5.4 Medium
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.
CVE-2023-2927 1 Jizhicms 1 Jizhicms 2024-11-21 6.3 Medium
A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.
CVE-2023-27235 1 Jizhicms 1 Jizhicms 2024-11-21 7.2 High
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVE-2023-27234 1 Jizhicms 1 Jizhicms 2024-11-21 6.5 Medium
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVE-2022-45278 1 Jizhicms 1 Jizhicms 2024-11-21 8.8 High
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
CVE-2022-44140 1 Jizhicms 1 Jizhicms 2024-11-21 8.8 High
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVE-2022-36578 1 Jizhicms 1 Jizhicms 2024-11-21 9.8 Critical
jizhicms v2.3.1 has SQL injection in the background.
CVE-2022-36577 1 Jizhicms 1 Jizhicms 2024-11-21 8.8 High
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
CVE-2022-31393 1 Jizhicms 1 Jizhicms 2024-11-21 9.1 Critical
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVE-2022-31390 1 Jizhicms 1 Jizhicms 2024-11-21 9.1 Critical
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-27429 1 Jizhicms 1 Jizhicms 2024-11-21 9.8 Critical
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2021-36484 1 Jizhicms 1 Jizhicms 2024-11-21 9.8 Critical
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
CVE-2021-29334 1 Jizhicms 1 Jizhicms 2024-11-21 8.8 High
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
CVE-2020-23644 1 Jizhicms 1 Jizhicms 2024-11-21 6.1 Medium
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVE-2020-23643 1 Jizhicms 1 Jizhicms 2024-11-21 6.1 Medium
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.