4 matches found
Joyplus CMS suffers from SQL injection vulnerability (CNVD-2020-21949)
Joyplus CMS Joy Video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . Joyplus CMS has a SQL injection vulnerability , a...
CVE-2018-14501
manager/adminajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "mid=1 AND SLEEP5" substring...
CVE-2018-14388
joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...
CVE-2018-14334
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766...