📄 Description (English)
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
🤖 AI Executive Summary
CVE-2020-37117 is a critical file download vulnerability in jizhiCMS 1.6.7 that allows authenticated administrators to download arbitrary files through the admin plugins update endpoint. Attackers can exploit this by sending crafted POST requests with malicious filepath and download_url parameters, potentially leading to unauthorized access to sensitive system files, configuration data, and credentials. With an 8.8 CVSS score and publicly available exploits, this vulnerability poses an immediate threat to organizations using vulnerable jizhiCMS installations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 22, 2026 01:55
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using jizhiCMS for content management, particularly in government agencies, educational institutions, and small-to-medium enterprises (SMEs) that may have deployed this CMS. The most at-risk sectors include: Government (NCA-regulated entities), Healthcare (MOH facilities), Education (universities and schools), and E-commerce platforms. The vulnerability allows authenticated administrators (insider threats or compromised accounts) to exfiltrate sensitive files including database backups, configuration files containing credentials, and personal data, directly violating SAMA data protection requirements and NCA cybersecurity standards.
🏢 Affected Saudi Sectors
Government
Education
Healthcare
E-commerce
Small and Medium Enterprises (SMEs)
Non-profit Organizations
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all jizhiCMS 1.6.7 installations across your organization using asset inventory tools
2. Restrict admin panel access to trusted IP addresses only using firewall rules
3. Implement multi-factor authentication (MFA) for all administrator accounts
4. Review admin access logs for suspicious file download activities
5. Monitor for POST requests to /admin/plugins/update endpoint with unusual filepath parameters
PATCHING:
1. Upgrade jizhiCMS to version 1.6.8 or later immediately
2. If immediate patching is not possible, disable the plugins update functionality
3. Apply vendor security patches within 48 hours
COMPENSATING CONTROLS:
1. Implement Web Application Firewall (WAF) rules to block POST requests containing suspicious filepath patterns (../, etc.)
2. Deploy file integrity monitoring (FIM) on sensitive configuration files
3. Enable detailed logging and alerting for admin panel activities
4. Conduct forensic analysis of admin access logs for the past 90 days
5. Rotate all administrative credentials and API keys
DETECTION RULES:
1. Alert on POST requests to /admin/plugins/update with filepath parameters containing directory traversal sequences
2. Monitor for unusual file access patterns from web server processes
3. Track downloads of sensitive files (.conf, .config, database files) from admin accounts
4. Alert on failed authentication attempts followed by successful admin logins
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع تثبيتات jizhiCMS 1.6.7 عبر المنظمة باستخدام أدوات جرد الأصول
2. تقييد الوصول إلى لوحة المسؤول على عناوين IP الموثوقة فقط باستخدام قواعد جدار الحماية
3. تنفيذ المصادقة متعددة العوامل (MFA) لجميع حسابات المسؤول
4. مراجعة سجلات الوصول للمسؤول للأنشطة المريبة لتحميل الملفات
5. مراقبة طلبات POST إلى نقطة نهاية /admin/plugins/update مع معاملات filepath غير عادية
التصحيح:
1. ترقية jizhiCMS إلى الإصدار 1.6.8 أو أحدث فوراً
2. إذا لم يكن التصحيح الفوري ممكناً، قم بتعطيل وظيفة تحديث المكونات الإضافية
3. تطبيق تصحيحات الأمان من المورد خلال 48 ساعة
الضوابط البديلة:
1. تنفيذ قواعد جدار تطبيقات الويب (WAF) لحظر طلبات POST التي تحتوي على أنماط filepath مريبة
2. نشر مراقبة سلامة الملفات (FIM) على ملفات التكوين الحساسة
3. تفعيل السجلات التفصيلية والتنبيهات لأنشطة لوحة المسؤول
4. إجراء تحليل الطب الشرعي لسجلات الوصول للمسؤول للـ 90 يوماً الماضية
5. تدوير جميع بيانات اعتماد المسؤول ومفاتيح API
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.6.1.1 - Information Security Policies and Procedures
ECC 2024 A.6.2.1 - Access Control and Authentication
ECC 2024 A.6.2.2 - User Access Management
ECC 2024 A.6.3.1 - Cryptography and Data Protection
ECC 2024 A.7.1.1 - Event Logging and Monitoring
ECC 2024 A.7.2.1 - Vulnerability Management
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Software and Hardware Asset Management
SAMA CSF PR.AC-1 - Access Control and Authentication
SAMA CSF PR.AC-4 - Access Rights and Privileges
SAMA CSF DE.CM-1 - Detection and Analysis
SAMA CSF RS.MI-2 - Incident Response and Recovery
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.5.16 - Authentication
ISO 27001:2022 A.5.18 - Management of Privileged Access Rights
ISO 27001:2022 A.8.1 - User Endpoint Devices
ISO 27001:2022 A.8.22 - Monitoring Activities
🟣 PCI DSS v4.0
PCI DSS 2.1 - Change default passwords
PCI DSS 6.2 - Security patches and updates
PCI DSS 7.1 - Limit access to system components
PCI DSS 10.2 - Implement automated audit trails
📦 Affected Products / CPE 1 entries
jizhicms:jizhicms:1.6.7