cbcvebase.

Joyplus-Cms Project Joyplus-Cms vulnerabilities

15 known vulnerabilities affecting joyplus-cms_project/joyplus-cms.

Total CVEs
15
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH4MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2018-12039P2CRITICALCVSS 9.8v1.6.02018-06-07
CVE-2018-12039 [CRITICAL] CWE-89 CVE-2018-12039: joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue i joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring.
nvd
CVE-2018-8766P3CRITICALCVSS 9.8v1.6.02018-03-18
CVE-2018-8766 [CRITICAL] CWE-434 CVE-2018-8766: joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/ joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.
nvd
CVE-2018-14334P3CRITICALCVSS 9.8v1.6.02018-07-17
CVE-2018-14334 [CRITICAL] CWE-434 CVE-2018-14334: manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a p manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.
nvd
CVE-2018-14389P3CRITICALCVSS 9.8v1.6.02018-07-18
CVE-2018-14389 [CRITICAL] CWE-89 CVE-2018-14389: joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.
nvd
CVE-2018-12905P3MEDIUMCVSS 6.1v1.6.02018-06-27
CVE-2018-12905 [MEDIUM] CWE-79 CVE-2018-12905: joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions.
nvd
CVE-2020-20636P3HIGHCVSS 7.5v1.6.02023-06-20
CVE-2020-20636 [HIGH] CWE-89 CVE-2020-20636: SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitiv SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function.
nvd
CVE-2019-17175P3HIGHCVSS 7.5v1.6.02019-10-04
CVE-2019-17175 [HIGH] CWE-22 CVE-2019-17175: joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.
nvd
CVE-2018-8717P3HIGHCVSS 8.8v1.6.02018-03-15
CVE-2018-8717 [HIGH] CWE-352 CVE-2018-8717: joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_a joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request.
nvd
CVE-2020-22124P3HIGHCVSS 7.5v1.6.02021-08-18
CVE-2020-22124 [HIGH] CWE-552 CVE-2020-22124: A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sens A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
nvd
CVE-2018-14500P4MEDIUMCVSS 6.1v1.6.02018-07-22
CVE-2018-14500 [MEDIUM] CWE-79 CVE-2018-14500: joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
nvd
CVE-2018-10028P4MEDIUMCVSS 5.3v1.6.02018-04-11
CVE-2018-10028 [MEDIUM] CWE-200 CVE-2018-10028: joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to th joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI.
nvd
CVE-2018-14388P4MEDIUMCVSS 5.4v1.6.02018-07-18
CVE-2018-14388 [MEDIUM] CWE-79 CVE-2018-14388: joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.
nvd
CVE-2018-10096P4MEDIUMCVSS 4.8v1.6.02018-04-13
CVE-2018-10096 [MEDIUM] CWE-79 CVE-2018-10096: joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request.
nvd
CVE-2018-10073P4MEDIUMCVSS 4.8v1.6.02018-04-12
CVE-2018-10073 [MEDIUM] CWE-79 CVE-2018-10073: joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter.
nvd
CVE-2018-8767P4MEDIUMCVSS 4.8v1.6.02018-03-18
CVE-2018-8767 [MEDIUM] CWE-79 CVE-2018-8767: joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name par joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter.
nvd
Joyplus-Cms Project Joyplus-Cms vulnerabilities | cvebase