PT-2023-12278 · Jizhicms · Jizhicms

Publicado

2023-02-03

·

Atualizado

2023-02-10

·

CVE-2021-36484

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions JIZHICMS version 1.9.5
Description The issue allows attackers to run arbitrary SQL commands via the add or edit article page, potentially leading to unauthorized data access or modification.
Recommendations For JIZHICMS version 1.9.5, update to a newer version that contains a fix for this issue, as using outdated software can pose significant security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2021-36484

Produtos afetados

Jizhicms