jizhicms CVE Vulnerabilities & Metrics

Focus on jizhicms vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About jizhicms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with jizhicms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total jizhicms CVEs: 22
Earliest CVE date: 14 Oct 2019, 21:15 UTC
Latest CVE date: 04 Jan 2024, 19:15 UTC

Latest CVE reference: CVE-2023-51154

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical jizhicms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.41

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

0.0-3.9: 13
4.0-6.9: 8
7.0-8.9: 1
9.0-10.0: 0

CVSS Distribution Chart

Top 5 Highest CVSS jizhicms CVEs

These are the five CVEs with the highest CVSS scores for jizhicms, sorted by severity first, then by recency.

All CVEs for jizhicms

CVE-2023-51154 jizhicms vulnerability CVSS: 0 04 Jan 2024, 19:15 UTC

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.

CVE-2023-50692 jizhicms vulnerability CVSS: 0 28 Dec 2023, 06:15 UTC

A file upload vulnerability in JIZHICMS v.2.5 allows a remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.

CVE-2023-43836 jizhicms vulnerability CVSS: 0 02 Oct 2023, 21:15 UTC

There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information.

CVE-2023-38948 jizhicms vulnerability CVSS: 0 03 Aug 2023, 16:15 UTC

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.

CVE-2023-2927 jizhicms vulnerability CVSS: 6.5 27 May 2023, 09:15 UTC

A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.

CVE-2023-31862 jizhicms vulnerability CVSS: 0 19 May 2023, 13:15 UTC

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of an article published from the front end is filtered only in the front end and not in the back end, which allows attackers to publish an article containing malicious JavaScript by modifying the request packet.

CVE-2023-27235 jizhicms vulnerability CVSS: 0 15 Mar 2023, 05:15 UTC

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.

CVE-2023-27234 jizhicms vulnerability CVSS: 0 15 Mar 2023, 05:15 UTC

A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.

CVE-2021-36484 jizhicms vulnerability CVSS: 0 03 Feb 2023, 18:15 UTC

SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.

CVE-2022-45278 jizhicms vulnerability CVSS: 0 23 Nov 2022, 21:15 UTC

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

CVE-2022-44140 jizhicms vulnerability CVSS: 0 23 Nov 2022, 20:15 UTC

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.

CVE-2021-29334 jizhicms vulnerability CVSS: 0 23 Nov 2022, 20:15 UTC

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html.

CVE-2022-36578 jizhicms vulnerability CVSS: 0 19 Aug 2022, 17:15 UTC

jizhicms v2.3.1 has SQL injection in the backend.

CVE-2022-36577 jizhicms vulnerability CVSS: 0 19 Aug 2022, 17:15 UTC

An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin.

CVE-2022-31393 jizhicms vulnerability CVSS: 6.4 09 Jun 2022, 14:15 UTC

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

CVE-2022-31390 jizhicms vulnerability CVSS: 6.4 09 Jun 2022, 14:15 UTC

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

CVE-2022-27429 jizhicms vulnerability CVSS: 7.5 25 Apr 2022, 13:15 UTC

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

CVE-2020-21228 jizhicms vulnerability CVSS: 4.3 01 Oct 2021, 21:15 UTC

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.

CVE-2020-21483 jizhicms vulnerability CVSS: 6.5 15 Sep 2021, 22:15 UTC

An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.

CVE-2020-23644 jizhicms vulnerability CVSS: 4.3 11 Jan 2021, 14:15 UTC

XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg=[XSS] to Home/c/ErrorController.php.

CVE-2020-23643 jizhicms vulnerability CVSS: 4.3 11 Jan 2021, 14:15 UTC

XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr=[XSS] to Home/c/WechatController.php.

CVE-2019-17593 jizhicms vulnerability CVSS: 6.8 14 Oct 2019, 21:15 UTC

JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.