Product
jizhicms
39 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-50229 (all versions): Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.
CVE-2025-50228 (all versions): Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
CVE-2026-29840 (<= 2.5.6): JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/Us
CVE-2026-3292 (<= 2.5.6): A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Mode
CVE-2025-70397 (all versions): jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
CVE-2020-37117 (all versions): jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrator
CVE-2025-14013 (<= 2.5.5): A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/
CVE-2025-14012 (<= 2.5.5): A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file
CVE-2025-14011 (<= 2.5.5): A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addc
CVE-2025-2639 (<= 1.7): A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of t
CVE-2025-2638 (<= 1.7): A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file
CVE-2025-2637 (<= 1.7): A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unkno
CVE-2025-25785 (all versions): JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vu
CVE-2025-25784 (all versions): An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute a
CVE-2024-34255 (all versions): jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function.
CVE-2024-33338 (all versions): Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted arti
CVE-2024-32161 (all versions): jizhiCMS 2.5 suffers from a File upload vulnerability.
CVE-2023-51154 (all versions): Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
CVE-2023-50692 (all versions): File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and down
CVE-2023-43836 (all versions): There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information.
CVE-2023-38948 (all versions): An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute
CVE-2023-2927 (all versions): A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file Templa
CVE-2023-31862 (all versions): jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtere
CVE-2023-27235 (all versions): An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execu
CVE-2023-27234 (all versions): A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration chang
CVE-2021-36484 (all versions): SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
CVE-2022-45278 (all versions): Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component
CVE-2022-44140 (all versions): Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVE-2021-29334 (all versions): An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admi
CVE-2022-36578 (all versions): jizhicms v2.3.1 has SQL injection in the background.
CVE-2022-36577 (all versions): An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin.
CVE-2022-31393 (all versions): Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c
CVE-2022-31390 (all versions): Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/
CVE-2022-27429 (all versions): Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2020-21228 (all versions): JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to
CVE-2020-21483 (all versions): An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which i
CVE-2020-23644 (all versions): XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg=[XSS] to Home/c/ErrorController.php.
CVE-2020-23643 (all versions): XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr=[XSS] to Home/c/WechatController.php.
CVE-2019-17593 (all versions): JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.