CVE-2025-14011 | JIZHICMS up to 2.5.5 Add Display Name Field addcomment.html commentlist aid/tid SQL injection

SecurityVulns

A vulnerability classified as critical has been found in JIZHICMS up to 2.5.5. It affects the function commentlist in the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Manipulating the argument aid/tid results in SQL injection.

This vulnerability is identified as CVE-2025-14011. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

VulDB Recent Entries