RSS   Vulnerabilities for 'Joyplus-cms'   RSS

2018-07-22
 
CVE-2018-14501

CWE-89
 

 
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.

 
 
CVE-2018-14500

CWE-79
 

 
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.

 

 >>> Vendor: Joyplus project 2 Products
Joyplus-cms
Joyplus


Copyright 2024, cxsecurity.com

 

Back to Top