Every CVE whose affected-product data names Jizhicms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (39)
CVE-2021-36484 — CVSS 9.8 (critical): SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
CVE-2022-27429 — CVSS 9.8 (critical): Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVE-2023-51154 — CVSS 9.8 (critical): Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
CVE-2025-25784 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary…
CVE-2022-31390 — CVSS 9.1 (critical): Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in…
CVE-2025-50228 — CVSS 9.1 (critical): Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
CVE-2025-25785 — CVSS 9.1 (critical): JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This…
CVE-2022-31393 — CVSS 9.1 (critical): Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in…
CVE-2023-50692 — CVSS 8.8 (high): File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to…
CVE-2022-44140 — CVSS 8.8 (high): Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVE-2022-45278 — CVSS 8.8 (high): Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
CVE-2021-29334 — CVSS 8.8 (high): An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd…
CVE-2020-37117 — CVSS 8.8 (high): jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to…
CVE-2022-36577 — CVSS 8.8 (high): An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
CVE-2024-33338 — CVSS 7.3 (high): Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article…
CVE-2023-38948 — CVSS 7.2 (high): An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary…
CVE-2020-21483 — CVSS 7.2 (high): An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later…
CVE-2023-27235 — CVSS 7.2 (high): An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute…
CVE-2025-70397 — CVSS 7.2 (high): jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
CVE-2023-27234 — CVSS 6.5 (medium): A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within…
CVE-2023-43836 — CVSS 6.5 (medium): There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information
CVE-2026-3292 — CVSS 6.3 (medium): A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of…
CVE-2023-2927 — CVSS 6.3 (medium): A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file…
CVE-2020-21228 — CVSS 6.1 (medium): JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to…
CVE-2020-23643 — CVSS 6.1 (medium): XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
CVE-2023-31862 — CVSS 5.4 (medium): jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the…
CVE-2026-29840 — CVSS 5.4 (medium): JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserControll…
CVE-2025-14012 — CVSS 4.7 (medium): A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file…
CVE-2025-14011 — CVSS 4.7 (medium): A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.htm…
CVE-2025-2639 — CVSS 4.3 (medium): A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file…
CVE-2025-2637 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown…
CVE-2025-2638 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file…
CVE-2025-14013 — CVSS 2.4 (low): A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/ad…