An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.

File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.

An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.

Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.

File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.

SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.

A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.