Show filters
19 Total Results
Displaying 1-10 of 19
Sort by:
Attacker Value
Unknown

CVE-2020-20636

Disclosure Date: June 20, 2023 (last updated October 08, 2023)
SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-22124

Disclosure Date: August 18, 2021 (last updated February 23, 2025)
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17175

Disclosure Date: October 04, 2019 (last updated November 27, 2024)
joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-16655

Disclosure Date: September 21, 2019 (last updated November 27, 2024)
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-16660

Disclosure Date: September 21, 2019 (last updated November 27, 2024)
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-16656

Disclosure Date: September 21, 2019 (last updated November 27, 2024)
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-14500

Disclosure Date: July 22, 2018 (last updated November 27, 2024)
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-14501

Disclosure Date: July 22, 2018 (last updated November 27, 2024)
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
0
0
Attacker Value
Unknown

CVE-2018-14388

Disclosure Date: July 18, 2018 (last updated November 27, 2024)
joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.
0
0
Attacker Value
Unknown

CVE-2018-14389

Disclosure Date: July 18, 2018 (last updated November 27, 2024)
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.
0
0
View More Topics  Next >