Jizhicms 2.5.6: Malicious Data Can Delete Articles

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

Jizhicms 2.5.6: Malicious Data Can Delete Articles

CVE-2025-70397

Summary

A security issue in Jizhicms 2.5.6 allows an attacker to delete articles by manipulating the 'data' parameter, potentially disrupting website content. This affects sites using Jizhicms version 2.5.6. To fix this, update to the latest version of Jizhicms or apply the recommended patch.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
jizhicms	jizhicms	2.5.6	–

Original title

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

Original description

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

nvd CVSS3.1 7.2

Vulnerability type

CWE-89 SQL Injection

http://jizhicms.com Product
https://www.23882.me/index.php/2026/02/15/jizhicms-%e5%90%8e%e5%8f%b0%e5%ad%98%e... Exploit Third Party Advisory

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026