CVE-2026-6978

Name of the Vulnerable Software and Affected Versions JiZhiCMS versions prior to 2.5.7

Description An issue exists in the htmlspecialchars decode() function within the file '/index.php/admins/Sys/addcache.html'. Remote attackers can perform SQL injection by manipulating the sqls argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database.

Recommendations Update to a version later than 2.5.6. As a temporary workaround, restrict access to the '/index.php/admins/Sys/addcache.html' file or avoid using the sqls parameter.