CNNVD-202512-496 Information
CNNVD ID
CNNVD-202512-496
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
JIZHICMS(极致CMS)是中国极致(JIZHI)公司的一套开源的内容管理系统(CMS)。 JIZHICMS 2.5.5及之前版本存在SQL注入漏洞,该漏洞源于对文件/index.php/admins/Comment/addcomment.html中参数aid/tid的错误操作,可能导致SQL注入。
Description (English)
JIZHICMS (extremely CMS) is an open-source content management system (CMS) of the Chinese company JIZHI. JIZHICMS 2.5.5 and earlier versions contain an injection loophole in SQL, which results from an error in the parameter aid/tid/tid in document/index.php/admins/Comment/addcomment.html, which may result in SQL injection.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
极致
Published
2025-12-04
Last Modified
2026-02-24
References
https://vuldb.com/?submit.694645 https://github.com/24-2021/vul2/blob/main/jizhicms%3DV2.5.5-addcomment.html-aid%20parameter-SQL%20injection/jizhicms-addcomment.html-aid%20parameter-SQL%20injection.md https://vuldb.com/?id.334252 https://vuldb.com/?submit.694644 https://vuldb.com/?ctiid.334252
Share on: