Joyplus Project: Security Vulnerabilities
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-09-21
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-09-21
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-09-21
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-07-22