Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31390 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | |||||
| CVE-2022-27429 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. | |||||
| CVE-2021-29334 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html | |||||
| CVE-2020-23644 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | |||||
| CVE-2020-23643 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | |||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | |||||
| CVE-2020-21228 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. | |||||
| CVE-2019-17593 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator. | |||||