CVE-2025-25785

Critical CVSS: 9.1

JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.

Vendor

Jizhicms

Product

Jizhicms

CWE

CWE-918

Yayın Tarihi

2025-02-26 15:15:26

Güncelleme

2025-04-10 17:38:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-918 Jizhicms CRITICAL Jizhicms 2025

Referanslar

http://jizhicms.com https://www.jizhicms.cn/

Benzer Kayıtlar

Medium

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app…

Medium

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frph…

High

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

High

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated adm…

Medium

CVE-2025-14013

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.p…

Medium

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Co…