Jizhicms Arbitrary File Upload Vulnerability in TemplateController.php Allowing Code Execution

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in Jizhicms version 2.5.4, specifically within the TemplateController.php component. This vulnerability enables attackers to execute arbitrary code by uploading a specially crafted Zip file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Jizhicms is installed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

8.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

8.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jizhicms Arbitrary File Upload Vulnerability in TemplateController.php Allowing Code Execution

Vulnerability

Impact

Affected Products

Jizhicms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating