Lucene search
+L

150 matches found

CVE
CVE
added 2019/10/04 2:42 p.m.146 views

CVE-2019-17175

The CVE-2019-17175 vulnerability affects joyplus-cms version 1.6.0 and is caused by an absolute path traversal flaw in manager/admin_pic.php?rootpath=. This allows an attacker to access locations outside of a restricted directory. Metrics indicate a CVSS v2 base score of 5.0 (MEDIUM) with network...

7.5CVSS7.5AI score0.01749EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/09/21 6:15 p.m.18 views

CVE-2019-16660

joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...

8.8CVSS8.8AI score0.00547EPSS
Exploits1References1
OSV
OSV
added 2019/09/21 6:15 p.m.4 views

CVE-2019-16656

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...

9.8CVSS7.6AI score0.01332EPSS
Exploits1References1
OSV
OSV
added 2019/09/21 6:15 p.m.6 views

CVE-2019-16660

joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...

8.8CVSS7.3AI score0.00547EPSS
Exploits1References1
NVD
NVD
added 2019/09/21 6:15 p.m.15 views

CVE-2019-16656

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...

9.8CVSS9.8AI score0.01332EPSS
Exploits1References1
NVD
NVD
added 2019/09/21 6:15 p.m.19 views

CVE-2019-16655

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...

7.5CVSS7.6AI score0.0084EPSS
Exploits1References1
Prion
Prion
added 2019/09/21 6:15 p.m.16 views

Cross site request forgery (csrf)

joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...

6.8CVSS8.7AI score0.00547EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/09/21 6:15 p.m.15 views

Authentication flaw

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...

6.4CVSS7.6AI score0.0084EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/21 5:2 p.m.24 views

CVE-2019-16655

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...

7.6AI score0.0084EPSS
Exploits1References1
CVE
CVE
added 2019/09/21 5:2 p.m.213 views

CVE-2019-16655

CVE-2019-16655 affects joyplus-cms 1.6.0 and allows reinstallation if the install/ URI remains accessible. Connected sources (Red Hat, NVD, CVE records) confirm the same description across multiple entries. The available documents do not provide a formal root-cause analysis, exploitation details,...

7.5CVSS7.5AI score0.0084EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/21 5:2 p.m.230 views

CVE-2019-16656

Joyplus-cms 1.6.0 is vulnerable to remote code execution via /install by placing PHP code in the name of a database object. Root cause: unsafe handling of object-name data allows execution of arbitrary PHP on the server. Impact is described as high/critical (CVSS v3.1: 9.8, NETWORK, NONE privileg...

9.8CVSS9.7AI score0.01332EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/21 5:2 p.m.26 views

CVE-2019-16656

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...

9.8AI score0.01332EPSS
Exploits1References1
CVE
CVE
added 2019/09/21 5:1 p.m.83 views

CVE-2019-16660

CVE-2019-16660 affects joyplus-cms 1.6.0, where the admin_ajax.php?action=savexml&tab=vodplay request is vulnerable to CSRF. The connected records confirm a CSRF flaw but do not provide explicit exploitation steps or a vendor-provided fix within the supplied documents. The CVE entry lists the vul...

8.8CVSS8.6AI score0.00547EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/21 5:1 p.m.18 views

CVE-2019-16660

joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...

8.8AI score0.00547EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/27 12:0 a.m.3 views

Joyplus CMS suffers from an override access vulnerability

Joyplus CMS Joy Video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . An override access vulnerability exists in Joyplu...

7.2AI score
Exploits0
CNVD
CNVD
added 2018/07/23 12:0 a.m.6 views

joyplus-cms cross-site scripting vulnerability (CNVD-2018-14238)

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in...

6.1CVSS6.2AI score0.00818EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/23 12:0 a.m.6 views

joyplus-cms SQL Injection Vulnerability (CNVD-2018-14239)

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A SQL injection vulnerability exists in the...

9.8CVSS10AI score0.01452EPSS
Exploits1References1
NVD
NVD
added 2018/07/22 5:29 p.m.13 views

CVE-2018-14501

manager/adminajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "mid=1 AND SLEEP5" substring...

9.8CVSS9.7AI score0.01452EPSS
Exploits1References1
NVD
NVD
added 2018/07/22 5:29 p.m.19 views

CVE-2018-14500

joyplus-cms 1.6.0 has XSS via the manager/collect/collectvodzhuiju.php keyword parameter...

6.1CVSS6.1AI score0.00818EPSS
Exploits1References1
OSV
OSV
added 2018/07/22 5:29 p.m.4 views

CVE-2018-14500

joyplus-cms 1.6.0 has XSS via the manager/collect/collectvodzhuiju.php keyword parameter...

6.1CVSS5.8AI score0.00818EPSS
Exploits1References1
Rows per page
Query Builder