CVE-2020-20636
https://notcve.org/view.php?id=CVE-2020-20636
SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. • https://github.com/joyplus/joyplus-cms/issues/447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22124
https://notcve.org/view.php?id=CVE-2020-22124
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. • https://github.com/876054426/vul/issues/1 • CWE-552: Files or Directories Accessible to External Parties
CVE-2019-17175
https://notcve.org/view.php?id=CVE-2019-17175
joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. • https://github.com/joyplus/joyplus-cms/issues/443 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-14501
https://notcve.org/view.php?id=CVE-2018-14501
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. • https://github.com/joyplus/joyplus-cms/issues/432 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-14500
https://notcve.org/view.php?id=CVE-2018-14500
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. • https://github.com/joyplus/joyplus-cms/issues/431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')