Jizhicms CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Jizhicms Subscriptions

Filtered by product Jizhicms Subscriptions

Search

Switch to Advanced Search (Beta)

Total 28 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-31390	1 Jizhicms	1 Jizhicms	2024-11-21	9.1 Critical
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVE-2022-27429	1 Jizhicms	1 Jizhicms	2024-11-21	9.8 Critical
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2021-29334	1 Jizhicms	1 Jizhicms	2024-11-21	8.8 High
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
CVE-2020-23644	1 Jizhicms	1 Jizhicms	2024-11-21	6.1 Medium
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVE-2020-23643	1 Jizhicms	1 Jizhicms	2024-11-21	6.1 Medium
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
CVE-2020-21483	1 Jizhicms	1 Jizhicms	2024-11-21	7.2 High
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVE-2020-21228	1 Jizhicms	1 Jizhicms	2024-11-21	6.1 Medium
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
CVE-2019-17593	1 Jizhicms	1 Jizhicms	2024-11-21	8.8 High
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.

« first previous Page 2 of 2.