iej1ctk1g

4 exploits Active since Jan 2026
CVE-2020-37148 EXPLOITDB LOW text WORKING POC
P5 FNIP-8x16A/FNIP-4xSH <1.0.20, 1.0.11 - XSS
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
CVSS 3.5
CVE-2020-37118 EXPLOITDB LOW text WORKING POC
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
CVSS 3.5
CVE-2020-37117 EXPLOITDB HIGH text WORKING POC
jizhicms 1.6.7 - Authenticated Arbitrary File Download via Admin Plugins Update Endpoint
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
CVSS 8.8
CVE-2020-36906 EXPLOITDB MEDIUM text WORKING POC
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.
CVSS 4.3