📦 Jizhicms
by Jizhicms
⚠️ Known Vulnerabilities
An arbitrary file upload vulnerability in Jizhicms v2.5.4 allows attackers to upload malicious Zip files containing PHP code, which can be executed on the server. This leads to remote code execution (...
jizhiCMS 2.5 contains an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server. This affects all installations of jizhiCMS version 2.5, potentially leadi...
Jizhicms v2.5 contains an arbitrary file download vulnerability in the admin plugin controller that allows attackers to download any file from the server. This affects all Jizhicms v2.5 installations ...
This SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to execute arbitrary SQL commands through the add or edit article pages. Attackers can potentially read, modify, or delete database ...
Jizhicms v2.2.5 contains a Server-Side Request Forgery (SSRF) vulnerability in the PluginsController.php Index function. This allows attackers to make the server send unauthorized requests to internal...
Jizhicms v1.9.5 contains a Server-Side Request Forgery (SSRF) vulnerability in the /admin.php/Plugins/update.html endpoint. This allows attackers to make the server send unauthorized requests to inter...
This vulnerability allows authenticated administrators in jizhiCMS 1.6.7 to download arbitrary files from the server by exploiting the admin plugins update endpoint. Attackers can craft POST requests ...
This is a Cross-Site Scripting (XSS) vulnerability in jizhicms v2.5.4 that allows remote attackers to inject malicious scripts via crafted article publication requests. When exploited, it can lead to ...
This vulnerability allows remote attackers to upload malicious files to JIZHICMS v2.5 through the download_url parameter, potentially leading to arbitrary code execution. Any organization running the ...
This vulnerability allows attackers to upload malicious .phtml files to Jizhicms administration panels, leading to remote code execution. Any organization running Jizhicms v2.4.5 with the vulnerable c...
CVE-2020-21483 is an arbitrary file upload vulnerability in Jizhicms v1.5 that allows attackers to upload malicious files disguised as .jpg images, which are later renamed to PHP files to execute arbi...
This SQL injection vulnerability in JIZHICMS allows remote attackers to manipulate database queries through the aid/tid parameters in the comment functionality. Attackers could potentially read, modif...
This SQL injection vulnerability in JIZHICMS allows attackers to execute arbitrary SQL commands through the batch comment deletion functionality. Attackers can potentially read, modify, or delete data...
This vulnerability in JIZHICMS allows improper authorization through manipulation of the 'ishot' parameter in the Article Handler component. Attackers can exploit this remotely to bypass access contro...
This vulnerability allows attackers to inject malicious scripts into JIZHICMS comment sections through the body parameter. When administrators view these comments, the scripts execute in their browser...