Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
jizhiCMS SQL Injection Risk in Batch Interface Function
CVE-2026-3292
Summary
A security flaw in jizhiCMS's Batch Interface can allow hackers to inject malicious SQL code. This can happen if a malicious user manipulates input data. To protect your jizhiCMS installation, update to a version 2.5.7 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jizhicms | jizhicms | <= 2.5.6 | – |
Original title
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the arg...
Original description
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
- https://gist.github.com/0psPwn/46468da7329f7c676c737b4b6b473ddc Exploit Third Party Advisory
- https://vuldb.com/?ctiid.348018 Permissions Required VDB Entry
- https://vuldb.com/?id.348018 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.760180 Third Party Advisory VDB Entry
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026