Primary

Context

JIZHICMS Improper Authorization Vulnerability in Article Handler Component

Vulnerability

An improper authorization vulnerability has been identified in JIZHICMS versions through 1.7.0. This issue resides in the Article Handler component, specifically within the file '/user/release.html'. The vulnerability allows unauthorized users to access and modify articles that do not belong to them. The flaw can be exploited remotely, and details of the vulnerability, along with a public exploit, are available.

Impact

Exploitation of this vulnerability allows for unauthorized access and modification of articles, potentially leading to integrity issues.

Reproduction

To reproduce this vulnerability, access the '/user/release.html' page without proper authorization. Once on the page, it is possible to edit and modify articles that belong to other users, bypassing the intended access controls.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

6.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

6.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

JIZHICMS Improper Authorization Vulnerability in Article Handler Component

Vulnerability

Impact

Reproduction

Affected Products

JIZHICMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating