Lucene search
+L

150 matches found

prion
prion
added 2018/07/22 5:29 p.m.15 views

Design/Logic Flaw

joyplus-cms 1.6.0 has XSS via the manager/collect/collectvodzhuiju.php keyword parameter...

4.3CVSS6AI score0.00818EPSS
Exploits1References1Affected Software1
prion
prion
added 2018/07/22 5:29 p.m.12 views

Sql injection

manager/adminajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "mid=1 AND SLEEP5" substring...

7.5CVSS9.6AI score0.01452EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2018/07/22 5:0 p.m.16 views

CVE-2018-14501

manager/adminajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "mid=1 AND SLEEP5" substring...

9.7AI score0.01452EPSS
Exploits1References1
cvelist
cvelist
added 2018/07/22 5:0 p.m.18 views

CVE-2018-14500

joyplus-cms 1.6.0 has XSS via the manager/collect/collectvodzhuiju.php keyword parameter...

6.1AI score0.00818EPSS
Exploits1References1
cve
cve
added 2018/07/22 5:0 p.m.45 views

CVE-2018-14501

CVE-2018-14501 affects joyplus-cms 1.6.0, where manager/admin_ajax.php is vulnerable to SQL injection via crafted POST data starting with m_id=1 AND SLEEP(5). The vulnerability arises from unsanitized input passed to SQL queries in that endpoint, enabling an attacker to execute arbitrary SQL comm...

9.8CVSS9.5AI score0.01452EPSS
Exploits1References1Affected Software1
cve
cve
added 2018/07/22 5:0 p.m.53 views

CVE-2018-14500

Joyplus-cms 1.6.0 contains a cross-site scripting (XSS) vulnerability in the writer/collect_vod_zhuiju.php endpoint where the keyword parameter can be injected with arbitrary script/HTML. Public disclosures across CVE/NVD/CNVD confirm XSS via the manager/collect/collect_vod_zhuiju.php keyword par...

6.1CVSS6AI score0.00818EPSS
Exploits1References1Affected Software1
cnvd
cnvd
added 2018/07/19 12:0 a.m.6 views

joyplus-cms cross-site scripting vulnerability (CNVD-2018-17480)

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in...

5.4CVSS5.5AI score0.00765EPSS
Exploits1References1
cnvd
cnvd
added 2018/07/19 12:0 a.m.6 views

joyplus-cms SQL Injection Vulnerability

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A SQL injection vulnerability exists in joyplus-c...

9.8CVSS9.7AI score0.01452EPSS
Exploits1References1
osv
osv
added 2018/07/18 7:29 p.m.6 views

CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...

9.8CVSS5.8AI score0.01452EPSS
Exploits1References1
prion
prion
added 2018/07/18 7:29 p.m.19 views

Design/Logic Flaw

joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...

3.5CVSS5.2AI score0.00765EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2018/07/18 7:29 p.m.20 views

CVE-2018-14388

joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...

5.4CVSS5.3AI score0.00765EPSS
Exploits1References1
prion
prion
added 2018/07/18 7:29 p.m.19 views

Sql injection

joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...

7.5CVSS9.9AI score0.01452EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2018/07/18 7:29 p.m.19 views

CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...

9.8CVSS10AI score0.01452EPSS
Exploits1References1
cvelist
cvelist
added 2018/07/18 7:0 p.m.23 views

CVE-2018-14388

joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...

5.3AI score0.00765EPSS
Exploits1References1
cvelist
cvelist
added 2018/07/18 7:0 p.m.21 views

CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...

10AI score0.01452EPSS
Exploits1References1
cve
cve
added 2018/07/18 7:0 p.m.47 views

CVE-2018-14389

Joyplus-cms 1.6.0 is affected by a SQL Injection vulnerability in the manager/admin_ajax.php val parameter. The CVE-2018-14389 entry notes an injection that could impact backend data, with CVSSv3.0 base score 9.8 (CRITICAL) and CVSSv2.0 7.5 (HIGH). Connected records consistently identify joyplus-...

9.8CVSS9.9AI score0.01452EPSS
Exploits1References1Affected Software1
cve
cve
added 2018/07/18 7:0 p.m.53 views

CVE-2018-14388

Joyplus-cms 1.6.0 is vulnerable to cross-site scripting (XSS) via the can_search_device parameter sent to manager/admin_ajax.php. The root cause is unsanitized user input in that parameter, allowing arbitrary script execution in a user’s browser. Multiple sources (NVD, Red Hat, CNVD, CNVD, PRION,...

5.4CVSS5.2AI score0.00765EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2018/07/17 2:29 a.m.22 views

CVE-2018-14334

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766...

9.8CVSS9.7AI score0.01656EPSS
Exploits1References1
prion
prion
added 2018/07/17 2:29 a.m.22 views

Design/Logic Flaw

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766...

7.5CVSS9.6AI score0.03432EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2018/07/17 2:0 a.m.26 views

CVE-2018-14334

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766...

9.7AI score0.01656EPSS
Exploits1References1
Rows per page
Query Builder