CVE-2025-70397

High CVSS: 7.2

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

Vendor

Product

CWE

Yayın Tarihi

2026-02-17 16:20:25

Güncelleme

2026-02-19 18:24:53

Source Identifier

cve@mitre.org

KEV Date Added

CWE-89 Jizhicms HIGH Jizhicms 2026

http://jizhicms.com https://www.23882.me/index.php/2026/02/15/jizhicms-%e5%90%8e%e5%8f%b0%e5%ad%98%e5%9c%a8sql%e6%b3%a8%e5%85%a5/

Medium

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app…

Medium

CVE-2026-3292

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frph…

High

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated adm…

Medium

CVE-2025-14013

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.p…

Medium

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Co…

Medium

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of…