Lucene search
K

150 matches found

CVE
CVE
added 2018/07/17 2:0 a.m.50 views

CVE-2018-14334

CVE-2018-14334 affects joyplus-cms 1.6.0. The issue is in manager/editor/upload.php, where the check for disallowed file extensions only sets $errm and does not alter control flow, allowing an attacker to upload and execute a PHP file (remote code execution). This is related to the similar CVE-20...

9.8CVSS9.6AI score0.01656EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/07/17 12:0 a.m.6 views

Joyplus CMS Arbitrary File Upload Vulnerability

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A security vulnerability exists in the...

9.8CVSS9.6AI score0.01656EPSS
Exploits1References1
CNVD
CNVD
added 2018/06/28 12:0 a.m.4 views

joyplus-cms cross-site scripting vulnerability (CNVD-2018-13887)

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in th...

6.1CVSS6.1AI score0.42206EPSS
Exploits1References1
OSV
OSV
added 2018/06/27 1:29 p.m.4 views

CVE-2018-12905

joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...

6.1CVSS5.8AI score0.42206EPSS
Exploits1References1
Prion
Prion
added 2018/06/27 1:29 p.m.16 views

Design/Logic Flaw

joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...

4.3CVSS6AI score0.42206EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/06/27 1:29 p.m.20 views

CVE-2018-12905

joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...

6.1CVSS6AI score0.42206EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/06/27 1:0 p.m.24 views

CVE-2018-12905

joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...

6AI score0.42206EPSS
Exploits1References1
CVE
CVE
added 2018/06/27 1:0 p.m.42 views

CVE-2018-12905

Joyplus-CMS 1.6.0 contains a cross-site scripting (XSS) vulnerability in admin_player.php, related to manager/index.php “system manage” and “add” actions. Multiple sources (NVD, Red Hat, CNVD, CNVD CNVD, CVE lists) confirm the same issue; root cause described as XSS in the admin interface. Exploi...

6.1CVSS5.9AI score0.42206EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/06/13 12:0 a.m.4 views

Remote Code Execution Vulnerability in joyplus-cms manager/index.php File

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A security vulnerability exists in the...

9.8CVSS10AI score0.04679EPSS
Exploits1References1
Prion
Prion
added 2018/06/07 7:29 p.m.18 views

Sql injection

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

7.5CVSS9.9AI score0.04679EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/06/07 7:29 p.m.28 views

CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

9.8CVSS10AI score0.04679EPSS
Exploits1References1
OSV
OSV
added 2018/06/07 7:29 p.m.4 views

CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

9.8CVSS6AI score0.04679EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/06/07 7:0 p.m.29 views

CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

10AI score0.04679EPSS
Exploits1References1
CVE
CVE
added 2018/06/07 7:0 p.m.40 views

CVE-2018-12039

Joyplus-CMS version 1.6.0 is affected by a Remote Code Execution vulnerability in manager/index.php caused by an Arbitrary SQL command execution issue that relies on using a "/!select/" substring in place of a select substring. This is documented across multiple sources (NVD/Red Hat/CNVD) and ind...

9.8CVSS9.9AI score0.04679EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/04/13 4:29 p.m.3 views

CVE-2018-10096

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

4.8CVSS5.8AI score0.0064EPSS
Exploits1References1
NVD
NVD
added 2018/04/13 4:29 p.m.18 views

CVE-2018-10096

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

4.8CVSS4.9AI score0.0064EPSS
Exploits1References1
Prion
Prion
added 2018/04/13 4:29 p.m.20 views

Cross site request forgery (csrf)

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

3.5CVSS4.8AI score0.0064EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/04/13 4:0 p.m.27 views

CVE-2018-10096

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

4.9AI score0.0064EPSS
Exploits1References1
CVE
CVE
added 2018/04/13 4:0 p.m.49 views

CVE-2018-10096

Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability exploitable through the device_name parameter in manager/admin_ajax.php?action=save flag=add. The root cause is likely inadequate input sanitization of device_name, allowing injected scripts to be reflected in the applica...

4.8CVSS4.8AI score0.0064EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/04/13 12:0 a.m.5 views

joyplus-cms cross-site scripting vulnerability (CNVD-2018-08675)

joyplus-cms is an efficient video movie website management system built with PHPmysql. A cross-site scripting vulnerability exists in manager/adminvod.php in joyplus-cms 1.6.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the keyword parameter...

4.8CVSS6.3AI score0.0064EPSS
Exploits1References1
Rows per page
Query Builder