Submit #795348: JizhiCMS JiZhiCMS v2.5.6 SQL injection

Title: JizhiCMS JiZhiCMS v2.5.6 SQL injection
Description: This feature point decodes user input through the htmlspecialchars_decode() function. The prepended code only performs simple filtering on the user input content. The SQL statement content constructed by the attacker is decoded and directly concatenated into the SQL statement, exploiting time-blind injection to achieve SQL injection.
Source: https://github.com/qingyun985/Cyber-Security/issues/4
User: qingyunsec (UID 96803)
Submission: 02.04.2026 10:36 (26 days ago)
Moderation: 24.04.2026 20:52 (22 days later)
Status: Accepted
VulDB entry: 359521 [JiZhiCMS up to 2.5.6 addcache.html htmlspecialchars_decode sqls SQL Injection]
Points: 19
