Lin0Ps

**Name of the Vulnerable Software and Affected Versions** jizhiCMS versions up to 2.5.6 **Description** A security issue exists in jizhiCMS that allows for remote SQL injection. This occurs due to manipulation of the `data` argument within the `findAll` function located in the `frphp/lib/Model.php` library of the Batch Interface component. The exploit for this issue has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 2.5.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.