CNNVD-202512-495 Information
CNNVD ID
CNNVD-202512-495
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
JIZHICMS(极致CMS)是中国极致(JIZHI)公司的一套开源的内容管理系统(CMS)。 JIZHICMS 2.5.5及之前版本存在SQL注入漏洞,该漏洞源于对文件/index.php/admins/Comment/deleteAll.html中组件Batch Delete Comments的错误操作,可能导致SQL注入。
Description (English)
JIZHICMS (extremely CMS) is an open-source content management system (CMS) of the Chinese company JIZHI. JIZHICMS 2.5.5 and previous versions have an SQL injection loophole, which stems from an error in the operation of the Batch Delete comments component in document/index.php/admins/Comment/deleteAll.html, which may result in SQL injection.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
极致
Published
2025-12-04
Last Modified
2026-02-24
References
https://vuldb.com/?submit.694647 https://vuldb.com/?id.334253 https://vuldb.com/?ctiid.334253 https://github.com/24-2021/vul2/blob/main/jizhicms%3DV2.5.5-deleteAll.html-data%20parameter-SQL%20injection/jizhicms%3DV2.5.5-deleteAll.html-data%20parameter-SQL%20injection.md
Share on: