Jtbc Php Security Vulnerabilities and Issues — Jtbc Php CVE List

Lucene search

JtbcJtbc Php

7 matches found

CVE•added 2018/10/01 8:29 a.m.•35 views

CVE-2018-17837

An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.

7.5CVSS7.4AI score0.00523EPSS

CVE•added 2018/11/17 3:29 p.m.•35 views

CVE-2018-19327

An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.

8.8CVSS8.6AI score0.00145EPSS

CVE•added 2018/10/01 8:29 a.m.•34 views

CVE-2018-17836

An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.

8.8CVSS8.9AI score0.01189EPSS

CVE•added 2018/11/26 7:29 a.m.•34 views

CVE-2018-19547

JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.

6.1CVSS6AI score0.0024EPSS

CVE•added 2018/10/01 8:29 a.m.•33 views

CVE-2018-17838

An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.

7.5CVSS7.3AI score0.00419EPSS

CVE•added 2018/10/17 6:29 a.m.•33 views

CVE-2018-18436

JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.

8.8CVSS8.6AI score0.00141EPSS

CVE•added 2018/11/26 7:29 a.m.•30 views

CVE-2018-19546

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.

8.8CVSS8.3AI score0.00146EPSS