Lucene search
K
JtbcJtbc Php

9 matches found

CVE
CVE
added 2019/03/11 4:0 a.m.55 views

CVE-2019-9662

CVE-2019-9662 affects JTBC(PHP) 3.0.1.8, specifically its cache management module. The issue allows deletion of arbitrary files ending with inc.php through the URL parameter: console/cache/manage.php?type=action&action=batch&batch=delete&ids=../, indicating a path-traversal/permission problem. Th...

7.5CVSS7.5AI score0.01678EPSS
Web
CVE
CVE
added 2019/02/18 12:0 a.m.50 views

CVE-2019-8433

CVE-2019-8433 affects JTBC(PHP) 3.0.1.8, allowing arbitrary file upload via the console/#/console/file/manage.php?type=list URI, demonstrated by uploading a .php file. This indicates a flaw in file handling/validation on that endpoint. The available connected documents confirm the vulnerability d...

7.5CVSS7.5AI score0.01184EPSS
Web
CVE
CVE
added 2018/11/17 3:0 p.m.48 views

CVE-2018-19327

Summary: Multiple sources confirm a CSRF vulnerability in JTBC(PHP) 3.0.1.7, specifically in aboutus/manage.php?type=action&action=add. The issue allows unauthorized operations and is described across CVE-2018-19327 records in NVD/CNVD/PRION lists. Affected component: JTBC(PHP) 3.0.1.7, vulnerabl...

8.8CVSS8.6AI score0.00494EPSS
Web
CVE
CVE
added 2018/11/26 7:0 a.m.47 views

CVE-2018-19547

CVE-2018-19547 affects JTBC(PHP) 3.0.1.7 with a reflected/stored XSS in the console/xml/manage.php?type=action&action=edit content parameter. The root cause is an improper handling of the content parameter in that endpoint, enabling injection of arbitrary JavaScript/HTML. The connected documents ...

6.1CVSS6AI score0.0073EPSS
Web
CVE
CVE
added 2018/10/01 8:0 a.m.45 views

CVE-2018-17837

The CVE-2018-17837 entry concerns JTBC(PHP) 3.0.1.6, where an attacker could trigger arbitrary file deletion through /console/file/manage.php?type=action&action=delete&path=c%3A%2F. The issue is documented across multiple sources (NVD/CNVD/CVELIST/etc.) with the same exposure: the vulnerable comp...

7.5CVSS7.4AI score0.01266EPSS
Web
CVE
CVE
added 2018/10/17 5:0 a.m.45 views

CVE-2018-18436

CVE-2018-18436 affects JTBC(PHP) 3.0. The vulnerability is a CSRF flaw in the account-creation workflow exposed via console/account/manage.php?type=action&action=add, enabling unauthorized account creation. Root cause: CSRF in the account create action; impact includes confidentiality, integrity,...

8.8CVSS8.6AI score0.00513EPSS
Web
CVE
CVE
added 2018/10/01 8:0 a.m.44 views

CVE-2018-17836

JTBC(PHP) 3.0.1.6 is affected by CVE-2018-17836. A remote attacker can execute arbitrary PHP code by exploiting a file upload via /console/file/manage.php?type=action&action=addfile&path=..%2F in combination with a multipart/form-data PHP payload. The vulnerability stems from a path-traversal/uns...

8.8CVSS8.9AI score0.01594EPSS
Web
CVE
CVE
added 2018/10/01 8:0 a.m.43 views

CVE-2018-17838

CVE-2018-17838 affects JTBC(PHP) 3.0.1.6. The vulnerable component allows arbitrary file read via the web path /console/#/console/file/manage.php?type=list&path=c:/, enabling reading of arbitrary server files. All sources consistently describe this vulnerability as an arbitrary file read in JTBC(...

7.5CVSS7.3AI score0.01515EPSS
Web
CVE
CVE
added 2018/11/26 7:0 a.m.41 views

CVE-2018-19546

JTBC(PHP) 3.0.1.7 is affected by a CSRF vulnerability exploitable through console/xml/manage.php?type=action&action=edit, demonstrated by an XSS payload in the content parameter. The NVD entry assigns CVSSv3.0 base score 8.8 (vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), with network acc...

8.8CVSS8.3AI score0.00544EPSS
Web