{"id":"CVE-2025-2638","details":"A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.","modified":"2026-03-14T14:56:19.909379Z","published":"2025-03-23T02:15:24.877Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.300639"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.519633"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.300639"},{"type":"EVIDENCE","url":"https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control2.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cherry-toto/jizhicms","events":[{"introduced":"0"},{"last_affected":"7357e725f603d520606413fc3c1e200e15f83253"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7"}]}}],"versions":["v1.4","v1.5","v1.5.1","v1.5.2","v1.6","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2638.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}