CVE-2025-25784

Critical CVSS: 9.8

An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Vendor

Jizhicms

Product

Jizhicms

CWE

CWE-434

Yayın Tarihi

2025-02-26 15:15:26

Güncelleme

2025-04-10 17:42:20

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Jizhicms CRITICAL Jizhicms 2025

Referanslar

http://jizhicms.com https://github.com/Ka7arotto/JizhiCms/blob/main/jizhicms.md https://www.jizhicms.cn/ https://github.com/Ka7arotto/JizhiCms/blob/main/jizhicms.md

Benzer Kayıtlar

Medium

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app…

Medium

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frph…

High

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

High

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated adm…

Medium

CVE-2025-14013

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.p…

Medium

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Co…