A vulnerability classified as critical was found in JIZHICMS up to 2.5.5. It affects the functions deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Manipulation can lead to SQL injection.

This vulnerability is tracked as CVE-2025-14012. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.