150 matches found
CVE-2018-14334
CVE-2018-14334 affects joyplus-cms 1.6.0. The issue is in manager/editor/upload.php, where the check for disallowed file extensions only sets $errm and does not alter control flow, allowing an attacker to upload and execute a PHP file (remote code execution). This is related to the similar CVE-20...
Joyplus CMS Arbitrary File Upload Vulnerability
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A security vulnerability exists in the...
joyplus-cms cross-site scripting vulnerability (CNVD-2018-13887)
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in th...
CVE-2018-12905
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
CVE-2018-12905
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
CVE-2018-12905
joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...
CVE-2018-12905
Joyplus-CMS 1.6.0 contains a cross-site scripting (XSS) vulnerability in admin_player.php, related to manager/index.php “system manage” and “add” actions. Multiple sources (NVD, Red Hat, CNVD, CNVD CNVD, CVE lists) confirm the same issue; root cause described as XSS in the admin interface. Exploi...
Remote Code Execution Vulnerability in joyplus-cms manager/index.php File
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A security vulnerability exists in the...
Sql injection
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...
CVE-2018-12039
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...
CVE-2018-12039
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...
CVE-2018-12039
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...
CVE-2018-12039
Joyplus-CMS version 1.6.0 is affected by a Remote Code Execution vulnerability in manager/index.php caused by an Arbitrary SQL command execution issue that relies on using a "/!select/" substring in place of a select substring. This is documented across multiple sources (NVD/Red Hat/CNVD) and ind...
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
Cross site request forgery (csrf)
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
CVE-2018-10096
Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability exploitable through the device_name parameter in manager/admin_ajax.php?action=save flag=add. The root cause is likely inadequate input sanitization of device_name, allowing injected scripts to be reflected in the applica...
joyplus-cms cross-site scripting vulnerability (CNVD-2018-08675)
joyplus-cms is an efficient video movie website management system built with PHPmysql. A cross-site scripting vulnerability exists in manager/adminvod.php in joyplus-cms 1.6.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the keyword parameter...