RSS   Vulnerabilities for 'Jtbc php'   RSS

2019-02-17
 
CVE-2019-8433

CWE-434
 

 
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.

 
2018-11-26
 
CVE-2018-19547

CWE-79
 

 
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.

 
 
CVE-2018-19546

CWE-352
 

 
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.

 
2018-11-17
 
CVE-2018-19327

CWE-352
 

 
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.

 
2018-10-17
 
CVE-2018-18436

CWE-352
 

 
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.

 
2018-10-01
 
CVE-2018-17838

CWE-22
 

 
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.

 
 
CVE-2018-17837

CWE-20
 

 
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.

 
 
CVE-2018-17836

CWE-20
 

 
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.

 


Copyright 2019, cxsecurity.com

 

Back to Top