Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2020-21228

Disclosure Date: October 01, 2021 (last updated February 23, 2025)
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-21483

Disclosure Date: September 15, 2021 (last updated February 23, 2025)
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17593

Disclosure Date: October 14, 2019 (last updated November 27, 2024)
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0