CVE-2026-6978 | JiZhiCMS up to 2.5.6 addcache.html htmlspecialchars_decode sqls sql injection

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability classified as critical was found in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection.

This vulnerability is known as CVE-2026-6978. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6978 | JiZhiCMS up to 2.5.6 addcache.html htmlspecialchars_decode sqls sql injection

Post correlati

CVE-2024-32455 | Very Good Plugins Fatal Error Notify Plugin up to 1.5.2 on WordPress authorization

CVE-2023-6476 | cri-o Experimental Annotation resource consumption

CVE-2024-57237 | Prolink 4G LTE Mobile Wi-Fi DL-7203E 4.0.0B05 /reqproc/proc_get cmd cross site scripting

CVE-2023-6841 | Red Hat Quarkus HTTP Request extra values