CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Prion•added 2019/09/21 6:15 p.m.•10 views

Authentication flaw

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available...

6.4CVSS7.6AI score0.00198EPSS

Exploits1References1Affected Software1

Prion•added 2018/07/22 5:29 p.m.•13 views

Design/Logic Flaw

joyplus-cms 1.6.0 has XSS via the manager/collect/collectvodzhuiju.php keyword parameter...

4.3CVSS6AI score0.0024EPSS

Exploits1References1Affected Software1

NVD•added 2018/07/18 7:29 p.m.•10 views

CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...

9.8CVSS10AI score0.0025EPSS

Exploits1References1

NVD•added 2018/07/18 7:29 p.m.•9 views

CVE-2018-14388

joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...

5.4CVSS5.3AI score0.00149EPSS

Exploits1References1

Cvelist•added 2018/07/18 7:0 p.m.•11 views

CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...

10AI score0.0025EPSS

Exploits1References1

CVE•added 2018/07/18 7:0 p.m.•42 views

CVE-2018-14389

Joyplus-cms 1.6.0 is affected by a SQL Injection vulnerability in the manager/admin_ajax.php val parameter. The CVE-2018-14389 entry notes an injection that could impact backend data, with CVSSv3.0 base score 9.8 (CRITICAL) and CVSSv2.0 7.5 (HIGH). Connected records consistently identify joyplus-...

9.8CVSS9.9AI score0.0025EPSS

Exploits1References1Affected Software1

Prion•added 2018/07/17 2:29 a.m.•19 views

Design/Logic Flaw

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766...

7.5CVSS9.6AI score0.02516EPSS

Exploits2References1Affected Software1

CVE•added 2018/07/17 2:0 a.m.•49 views

CVE-2018-14334

CVE-2018-14334 affects joyplus-cms 1.6.0. The issue is in manager/editor/upload.php, where the check for disallowed file extensions only sets $errm and does not alter control flow, allowing an attacker to upload and execute a PHP file (remote code execution). This is related to the similar CVE-20...

9.8CVSS9.6AI score0.00411EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/07/17 2:0 a.m.•14 views

CVE-2018-14334

9.7AI score0.00411EPSS

Exploits1References1

Cvelist•added 2018/06/27 1:0 p.m.•12 views

CVE-2018-12905

joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...

6AI score0.02037EPSS

Exploits1References1

Prion•added 2018/04/13 4:29 p.m.•17 views