CVE-2026-3292 in jizhiCMS
Summary
by MITRE • 02/27/2026
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 03/01/2026
The vulnerability identified as CVE-2026-3292 is a critical SQL injection flaw in jizhiCMS version 2.5.6 and earlier, specifically affecting the batch interface functionality. It resides in the frphp/lib/Model.php library file, where the findAll function processes user input without adequate sanitization or validation. The flaw manifests when the data argument is manipulated by an attacker, allowing malicious SQL commands to be executed against the underlying database. The vulnerability is remotely exploitable, so attackers can leverage it from external networks without physical access to the affected system.
Technically, the vulnerability stems from improper input handling in the Model.php library, where user-supplied data flows directly into SQL query construction without parameterization or escaping. This design flaw aligns with CWE-89, which categorizes SQL injection as a direct consequence of inadequate input validation and improper query construction. The attack vector is particularly concerning because it operates through the batch interface component, suggesting that multiple operations could be compromised simultaneously and potentially enabling attackers to execute arbitrary SQL commands with the privileges of the database user account. The public disclosure of the exploit further amplifies the risk, as it gives threat actors ready-made tooling.
The operational impact extends beyond simple data theft: successful exploitation could result in complete database compromise, unauthorized data modification, privilege escalation, and lateral movement within the affected network. The lack of vendor response to the early disclosure creates a particularly dangerous situation in which organizations may remain unaware of the vulnerability while attackers actively exploit it. Because the flaw sits in the core database interaction functionality of jizhiCMS, all data managed through the batch processing interface is potentially exposed. The implications include unauthorized access to sensitive information, data integrity violations, and a possible system compromise that could serve as a foothold for more extensive attacks.
Organizations running jizhiCMS versions up to 2.5.6 should immediately implement mitigations, including patching to the latest available version, deploying web application firewalls to detect and block SQL injection attempts, and conducting thorough security assessments of the affected systems. Remediation should involve reviewing all database access points, implementing proper input validation and parameterized queries, and establishing monitoring to detect exploitation attempts. Security teams should also consider network segmentation to limit access to database systems and establish incident response procedures specifically addressing SQL injection. The ATT&CK framework categorizes this vulnerability under T1190 - Exploit Public-Facing Application, emphasizing the importance of timely security patches and robust application security controls. Given the public availability of exploitation tools and the vendor's lack of response, immediate action is essential to prevent compromise of affected systems and protect sensitive data.
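The injectable pattern the analysis describes (a findAll-style helper that interpolates the entries of a data array into the query text) and the parameterized-query remediation recommended above, shown side by side as an added PHP example. This is not jizhiCMS or frphp code: the findAllVulnerable and findAllSafe functions, the user table, the allowlist and the input value are all constructed here for illustration, and the demonstration runs against an in-memory SQLite database through PDO (requires the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);

// Hypothetical illustration of the CWE-89 pattern: every key and value of $data
// is pasted straight into the SQL text, so a quote in a value ends the literal
// and whatever follows becomes part of the predicate.
function findAllVulnerable(string $table, array $data): string
{
    $where = [];
    foreach ($data as $column => $value) {
        $where[] = "`$column` = '$value'";
    }
    return "SELECT * FROM `$table`" . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
}

// Hardened form: identifiers are validated against an allowlist (they cannot be
// bound as parameters), values are sent to the driver as bound parameters.
function findAllSafe(PDO $db, string $table, array $data, array $allowedColumns): array
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table)) {
        throw new InvalidArgumentException('invalid table name');
    }
    $where = [];
    $params = [];
    foreach ($data as $column => $value) {
        // Array keys come from the caller too; reject anything not a known column.
        if (!in_array($column, $allowedColumns, true)) {
            throw new InvalidArgumentException("column not allowed: $column");
        }
        $where[] = "\"$column\" = ?";
        $params[] = $value;
    }
    $sql = "SELECT * FROM \"$table\"" . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample database: two users, only one of them active.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "user" (id INTEGER PRIMARY KEY, name TEXT, status TEXT)');
$db->exec("INSERT INTO \"user\" (name, status) VALUES ('alice', 'active'), ('bob', 'disabled')");

// Constructed input: the textbook tautology check, used here only to show the
// difference between interpolation and binding.
$data = ['status' => "active' OR '1'='1"];

// Interpolated: the predicate is rewritten and both rows come back.
$sql = findAllVulnerable('user', $data);
echo $sql, PHP_EOL;
echo 'interpolated match count: ', count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC)), PHP_EOL;

// Bound: the whole string is compared as one value and matches nothing.
$rows = findAllSafe($db, 'user', $data, ['id', 'name', 'status']);
echo 'bound match count: ', count($rows), PHP_EOL;

// A key that is not a real column is rejected before any SQL is built.
try {
    findAllSafe($db, 'user', ['status = 1 OR 1' => 'x'], ['id', 'name', 'status']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Running it prints the rewritten query, an interpolated match count of 2, a bound match count of 0, and the rejection of the forged column key. The two points a reviewer of a batch interface would check are the ones the example separates: values must always be bound, and identifiers (table and column names) must be validated against a fixed list because placeholders cannot carry them.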