Hillstone Networks

RULE（RULE ID：333628）

Rule General Information


Release Date:		2021-06-03

Rule Name:		Jizhi CMS 1.71 Information Disclosure Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Jizhi CMS is an open source and free PHPCMS website content management system. Its versions 1.71, 1.7, and 1.67 have information disclosure vulnerabilities. Any account can be taken over through this vulnerability. An unauthenticated remote attacker could exploit this vulnerability by sending malicious HTTP requests to the target system. Successful exploitation of this vulnerability could allow an attacker to read arbitrary files from a target system and obtain sensitive information.

Impact:		An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.