CVE-2019-16655
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
7.5CVSS
7.5AI Score
0.001EPSS
CVE-2019-16656
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
9.8CVSS
9.7AI Score
0.028EPSS
CVE-2019-16660
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
8.8CVSS
8.6AI Score