150 matches found
CVE-2019-17175
The CVE-2019-17175 vulnerability affects joyplus-cms version 1.6.0 and is caused by an absolute path traversal flaw in manager/admin_pic.php?rootpath=. This allows an attacker to access locations outside of a restricted directory. Metrics indicate a CVSS v2 base score of 5.0 (MEDIUM) with network...
CVE-2019-16660
joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...
CVE-2019-16656
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...
CVE-2019-16660
joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...
CVE-2019-16656
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...
CVE-2019-16655
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...
Cross site request forgery (csrf)
joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...
Authentication flaw
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...
CVE-2019-16655
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...
CVE-2019-16655
CVE-2019-16655 affects joyplus-cms 1.6.0 and allows reinstallation if the install/ URI remains accessible. Connected sources (Red Hat, NVD, CVE records) confirm the same description across multiple entries. The available documents do not provide a formal root-cause analysis, exploitation details,...
CVE-2019-16656
Joyplus-cms 1.6.0 is vulnerable to remote code execution via /install by placing PHP code in the name of a database object. Root cause: unsafe handling of object-name data allows execution of arbitrary PHP on the server. Impact is described as high/critical (CVSS v3.1: 9.8, NETWORK, NONE privileg...
CVE-2019-16656
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...
CVE-2019-16660
CVE-2019-16660 affects joyplus-cms 1.6.0, where the admin_ajax.php?action=savexml&tab=vodplay request is vulnerable to CSRF. The connected records confirm a CSRF flaw but do not provide explicit exploitation steps or a vendor-provided fix within the supplied documents. The CVE entry lists the vul...
CVE-2019-16660
joyplus-cms 1.6.0 has adminajax.php?action=savexml&tab=vodplay CSRF...
Joyplus CMS suffers from an override access vulnerability
Joyplus CMS Joy Video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . An override access vulnerability exists in Joyplu...
joyplus-cms cross-site scripting vulnerability (CNVD-2018-14238)
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in...
joyplus-cms SQL Injection Vulnerability (CNVD-2018-14239)
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A SQL injection vulnerability exists in the...
CVE-2018-14501
manager/adminajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "mid=1 AND SLEEP5" substring...
CVE-2018-14500
joyplus-cms 1.6.0 has XSS via the manager/collect/collectvodzhuiju.php keyword parameter...
CVE-2018-14500
joyplus-cms 1.6.0 has XSS via the manager/collect/collectvodzhuiju.php keyword parameter...