Jizhicms: community verdicts
5 notable / known-exploited Jizhicms CVEs the community has triaged.
- CVE-2020-21228MED 6.1EPSS 1%
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
- CVE-2025-25784CRIT 9.8Real · low riskEPSS 1%
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.
- CVE-2024-32161CRIT 9.8Real · low riskEPSS 1%
jizhiCMS 2.5 suffers from a File upload vulnerability.
- CVE-2025-25785CRIT 9.1Real · low riskEPSS 0%
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
- CVE-2025-70397HIGH 7.2Real · low riskEPSS 0%
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.