Joyplus Project

joyplus_project

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16660 1Joyplus Project 1Joyplus Jun 17, 2026 Sep 21, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
CVE-2019-16656 1Joyplus Project 1Joyplus Jun 17, 2026 Sep 21, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVE-2019-16655 1Joyplus Project 1Joyplus Jun 17, 2026 Sep 21, 2019 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
CVE-2018-14501 1Joyplus Project 1Joyplus Cms Nov 21, 2024 Jul 22, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.