CVE-2025-2638

Medium CVSS: 5.3

A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor

Jizhicms

Product

Jizhicms

CWE

CWE-266

Yayın Tarihi

2025-03-23 02:15:24

Güncelleme

2025-04-02 15:39:07

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 Jizhicms MEDIUM Jizhicms 2025

Referanslar

https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control2.md https://vuldb.com/?ctiid.300639 https://vuldb.com/?id.300639 https://vuldb.com/?submit.519633 https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control2.md

Benzer Kayıtlar

Medium

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app…

Medium

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frph…

High

CVE-2025-70397

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

High

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated adm…

Medium

CVE-2025-14013

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.p…

Medium

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Co…