PT-2026-6562 · Jizhicms+1 · Jizhicms
Iej1Ctk1G
Published: 2026-02-05 · Updated: 2026-02-05
CVE-2020-37117
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
jizhiCMS version 1.6.7
Description
The software contains a file download issue in the admin plugins update endpoint. Authenticated administrators can download arbitrary files. Attackers can exploit this by sending crafted POST requests with malicious filepath and download url parameters, triggering unauthorized file downloads. The vulnerable API endpoint is '/admin/plugins/update'.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Jizhicms