Jtbc Php
Monthly
An issue was discovered in JTBC(PHP) 3.0.1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
An issue was discovered in JTBC(PHP) 3.0.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.