CVE-2026-3292

Source
https://cve.org/CVERecord?id=CVE-2026-3292
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3292.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3292
Published
2026-02-27T05:02:06.427Z
Modified
2026-07-15T01:49:08.682445985Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
jizhiCMS Batch Model.php findAll sql injection
Details

A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-74",
        "CWE-89"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.5.0"
                },
                {
                    "last_affected": "2.5.0"
                },
                {
                    "introduced": "2.5.1"
                },
                {
                    "last_affected": "2.5.1"
                },
                {
                    "introduced": "2.5.2"
                },
                {
                    "last_affected": "2.5.2"
                },
                {
                    "introduced": "2.5.3"
                },
                {
                    "last_affected": "2.5.3"
                },
                {
                    "introduced": "2.5.4"
                },
                {
                    "last_affected": "2.5.4"
                },
                {
                    "introduced": "2.5.5"
                },
                {
                    "last_affected": "2.5.5"
                },
                {
                    "introduced": "2.5.6"
                },
                {
                    "last_affected": "2.5.6"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3292.json"
}
References

Affected packages

Git / github.com/cherry-toto/jizhicms

Affected ranges

Type
GIT
Repo
https://github.com/cherry-toto/jizhicms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:jizhicms:jizhicms:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.6"
        }
    ]
}

Affected versions

2.*
2.3.3
2.3.4
2.3.5
2.3.7
2.3.8
2.4
2.4.0
2.4.3
2.4.7
2.4.8
2.4.9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.6
Other
v1
v1.*
v1.4
v1.5
v1.5.1
v1.5.2
v1.6
v1.6.1
v1.6.2
v1.9.x
v2.*
v2.4.5
v2.5.3
v2.5.4
v2.5.5
v2.5.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3292.json"