9 matches found
CVE-2019-9662
CVE-2019-9662 affects JTBC(PHP) 3.0.1.8, specifically its cache management module. The issue allows deletion of arbitrary files ending with inc.php through the URL parameter: console/cache/manage.php?type=action&action=batch&batch=delete&ids=../, indicating a path-traversal/permission problem. Th...
CVE-2019-8433
CVE-2019-8433 affects JTBC(PHP) 3.0.1.8, allowing arbitrary file upload via the console/#/console/file/manage.php?type=list URI, demonstrated by uploading a .php file. This indicates a flaw in file handling/validation on that endpoint. The available connected documents confirm the vulnerability d...
CVE-2018-19327
Summary: Multiple sources confirm a CSRF vulnerability in JTBC(PHP) 3.0.1.7, specifically in aboutus/manage.php?type=action&action=add. The issue allows unauthorized operations and is described across CVE-2018-19327 records in NVD/CNVD/PRION lists. Affected component: JTBC(PHP) 3.0.1.7, vulnerabl...
CVE-2018-19547
CVE-2018-19547 affects JTBC(PHP) 3.0.1.7 with a reflected/stored XSS in the console/xml/manage.php?type=action&action=edit content parameter. The root cause is an improper handling of the content parameter in that endpoint, enabling injection of arbitrary JavaScript/HTML. The connected documents ...
CVE-2018-17837
The CVE-2018-17837 entry concerns JTBC(PHP) 3.0.1.6, where an attacker could trigger arbitrary file deletion through /console/file/manage.php?type=action&action=delete&path=c%3A%2F. The issue is documented across multiple sources (NVD/CNVD/CVELIST/etc.) with the same exposure: the vulnerable comp...
CVE-2018-18436
CVE-2018-18436 affects JTBC(PHP) 3.0. The vulnerability is a CSRF flaw in the account-creation workflow exposed via console/account/manage.php?type=action&action=add, enabling unauthorized account creation. Root cause: CSRF in the account create action; impact includes confidentiality, integrity,...
CVE-2018-17836
JTBC(PHP) 3.0.1.6 is affected by CVE-2018-17836. A remote attacker can execute arbitrary PHP code by exploiting a file upload via /console/file/manage.php?type=action&action=addfile&path=..%2F in combination with a multipart/form-data PHP payload. The vulnerability stems from a path-traversal/uns...
CVE-2018-17838
CVE-2018-17838 affects JTBC(PHP) 3.0.1.6. The vulnerable component allows arbitrary file read via the web path /console/#/console/file/manage.php?type=list&path=c:/, enabling reading of arbitrary server files. All sources consistently describe this vulnerability as an arbitrary file read in JTBC(...
CVE-2018-19546
JTBC(PHP) 3.0.1.7 is affected by a CSRF vulnerability exploitable through console/xml/manage.php?type=action&action=edit, demonstrated by an XSS payload in the content parameter. The NVD entry assigns CVSSv3.0 base score 8.8 (vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), with network acc...