159 matches found
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
Design/Logic Flaw
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
CVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
CVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8767
Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability in manager/admin_ajax.php?action=save&tab={pre}vod_type, exploitable via the t_name parameter. Root cause: insufficient input sanitization that allows injected script/HTML. Impact: can inject arbitrary scripts into the vi...
CVE-2018-8766
Joyplus-CMS 1.6.0 is affected by an arbitrary file upload in manager/editor/upload.php (related to manager/admin_vod.php?action=add), enabling potential remote code execution due to insufficient validation of uploaded content. The vulnerability is described across multiple sources (including CVE-...
CVE-2018-8717
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...
CVE-2018-8717
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...
Cross site request forgery (csrf)
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...
CVE-2018-8717
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...
Joyplus CMS Cross-Site Request Forgery Vulnerability
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site request forgery vulnerability exists...
CVE-2018-8717
CVE-2018-8717 affects joyplus-cms 1.6.0 and is a cross-site request forgery (CSRF) vulnerability. The issue is demonstrated by a CSRF request to manager/admin_ajax.php?action=save&tab={pre}manager that can result in adding an administrator account. The connected sources confirm the vulnerability ...
CVE-2018-8717
joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/adminajax.php?action=save&tab=premanager request...