19 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. • https://github.com/joyplus/joyplus-cms/issues/447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. Una vulnerabilidad en el componente \inc\config.php de joyplus-cms versión v1.6, permite a atacantes acceder a información confidencial. • https://github.com/876054426/vul/issues/1 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. joyplus-cms versión 1.6.0, permite un salto de ruta absoluto de manager/admin_pic.php?rootpath=. • https://github.com/joyplus/joyplus-cms/issues/443 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. joyplus-cms versión 1.6.0, permite la reinstalación si la URI install/ se conserva disponible. • https://github.com/joyplus/joyplus-cms/issues/441 •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. joyplus-cms versión 1.6.0, permite a atacantes remotos ejecutar código PHP arbitrario por medio de /install colocando el código en el nombre de un objeto en la base de datos. • https://github.com/joyplus/joyplus-cms/issues/442 •