Vulnerabilities for Joyplus (...) - CXSECURITY.COM

Vulnerabilities for 'Joyplus'

2019-09-21

CVE-2019-16660

CWE-352

joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.

CVE-2019-16656

CWE-20

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.

CVE-2019-16655

CWE-20

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.

>>> Vendor: Joyplus project 2 Products

Copyright 2024, cxsecurity.com