Skip to main content

Joyplus Cms

14 CVEs product

Monthly

CVE-2019-17175 HIGH POC This Week

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Joyplus Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-14501 CRITICAL POC Act Now

manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-14500 MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-14389 CRITICAL POC Act Now

joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-14388 MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-14334 CRITICAL POC Act Now

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12905 MEDIUM POC THREAT This Month

joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
42.2%
CVE-2018-12039 CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-10096 MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-10073 MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-10028 MEDIUM This Month

joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joyplus Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-8767 MEDIUM POC This Month

{pre}vod_type via the t_name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-8766 CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Joyplus Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-8717 HIGH POC This Week

{pre}manager request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Joyplus Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
EPSS 2% CVSS 7.5
HIGH POC This Week

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Joyplus Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Joyplus Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Joyplus Cms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Joyplus Cms
NVD GitHub
EPSS 42% CVSS 6.1
MEDIUM POC THREAT This Month

joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE PHP +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM This Month

joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joyplus Cms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

{pre}vod_type via the t_name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

{pre}manager request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Joyplus Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy