Arbitrary File Download Vulnerability in Jizhicms v2.5 by Jizhi Technologies
CVE-2023-51154

9.8 CRITICAL

Key Information:

CVE Published: 4 January 2024

What is CVE-2023-51154?

Jizhicms v2.5 contains a security flaw that permits arbitrary file downloads through the /admin/c/PluginsController.php component. An attacker who exploits it can gain unauthorized access to sensitive files, which may threaten the confidentiality and integrity of data stored within the application. Users of Jizhicms v2.5 should take immediate action to mitigate this risk and ensure their systems are secure.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
