CVE-2019-16656
Joyplus-cms 1.6.0 is vulnerable to remote code execution via /install by placing PHP code in the name of a database object. Root cause: unsafe handling of object-name data allows execution of arbitrary PHP on the server. Impact is described as high/critical (CVSS v3.1: 9.8, NETWORK, NONE privileg...