Joyplus Project: >> Joyplus Security Vulnerabilities
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-09-21
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-09-21
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-09-21