15 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. • https://github.com/joyplus/joyplus-cms/issues/447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. Una vulnerabilidad en el componente \inc\config.php de joyplus-cms versión v1.6, permite a atacantes acceder a información confidencial. • https://github.com/876054426/vul/issues/1 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. joyplus-cms versión 1.6.0, permite un salto de ruta absoluto de manager/admin_pic.php?rootpath=. • https://github.com/joyplus/joyplus-cms/issues/443 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. joyplus-cms 1.6.0 tiene Cross-Site Scripting (XSS) en manager/collect/collect_vod_zhuiju.php mediante el parámetro keyword. • https://github.com/joyplus/joyplus-cms/issues/431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. joyplus-cms 1.6.0 tiene Cross-Site Scripting (XSS) en manager/admin_ajax.php mediante el parámetro del array can_search_device. • https://github.com/joyplus/joyplus-cms/issues/429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •