PT-2025-49104 · Jizhicms · Jizhicms

Nobb · Published 2025-12-04 · Updated 2026-02-24 · CVE-2025-14011

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JIZHICMS versions up to 2.5.5

Description

A flaw exists in JIZHICMS that allows for SQL injection. This issue is located in the commentlist function within the /index.php/admins/Comment/addcomment.html file of the Add Display Name Field component. Manipulation of the aid or tid argument can trigger the injection. The attack can be performed remotely. The exploit has been publicly released.

Recommendations

Versions prior to 2.5.5 should be updated.

Exploit

Fix

Weakness Enumeration

Special Elements Injection
SQL injection

Related Identifiers

CVE-2025-14011

Affected Products

Jizhicms