Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jizhicms Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51154 1 Jizhicms 1 Jizhicms 2024-01-10 N/A 9.8 CRITICAL
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
CVE-2023-50692 1 Jizhicms 1 Jizhicms 2024-01-04 N/A 8.8 HIGH
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
CVE-2023-38948 1 Jizhicms 1 Jizhicms 2023-08-08 N/A 7.2 HIGH
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.
CVE-2022-31390 1 Jizhicms 1 Jizhicms 2022-06-15 6.4 MEDIUM 9.1 CRITICAL
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-31393 1 Jizhicms 1 Jizhicms 2022-06-15 6.4 MEDIUM 9.1 CRITICAL
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVE-2022-27429 1 Jizhicms 1 Jizhicms 2022-05-05 7.5 HIGH 9.8 CRITICAL
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2020-21228 1 Jizhicms 1 Jizhicms 2021-10-07 4.3 MEDIUM 6.1 MEDIUM
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
CVE-2020-21483 1 Jizhicms 1 Jizhicms 2021-09-28 6.5 MEDIUM 7.2 HIGH
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVE-2020-23644 1 Jizhicms 1 Jizhicms 2021-01-13 4.3 MEDIUM 6.1 MEDIUM
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVE-2020-23643 1 Jizhicms 1 Jizhicms 2021-01-13 4.3 MEDIUM 6.1 MEDIUM
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
CVE-2019-17593 1 Jizhicms 1 Jizhicms 2019-10-16 6.8 MEDIUM 8.8 HIGH
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.