Joyplus-cms Project Security Vulnerabilities

CVE-2020-20636

SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad()...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2023-06-20 03:15 PM

CVE-2018-14388

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-10-03 04:22 PM

CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val...

9.8 CVSS

9.9 AI Score

0.001 EPSS

2022-10-03 04:22 PM

CVE-2018-10028

joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/...

5.3 CVSS

5.1 AI Score

0.001 EPSS

2022-10-03 04:22 PM

CVE-2018-10096

joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-10-03 04:22 PM

CVE-2018-12905

joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add"...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-10-03 04:22 PM

CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select...

9.8 CVSS

9.9 AI Score

0.007 EPSS

2022-10-03 04:22 PM

CVE-2020-22124

A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive...

7.5 CVSS

7.4 AI Score

0.003 EPSS

2021-08-18 06:15 PM

CVE-2019-17175

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path...

7.5 CVSS

7.5 AI Score

0.009 EPSS

2019-10-04 03:15 PM

CVE-2018-14500

joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword...

6.1 CVSS

6 AI Score

0.001 EPSS

2018-07-22 05:29 PM

CVE-2018-14334

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to...

9.8 CVSS

9.6 AI Score

0.021 EPSS

2018-07-17 02:29 AM

CVE-2018-10073

joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2018-04-12 06:29 PM

CVE-2018-8766

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to...

9.8 CVSS

9.6 AI Score

0.021 EPSS

2018-03-18 06:29 AM

CVE-2018-8767

joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2018-03-18 06:29 AM

CVE-2018-8717

joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2018-03-15 01:29 AM