Vulnerabilities > Joyplus CMS Project > Joyplus CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2020-20636 | SQL Injection vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. | 7.5 |
| 2021-08-18 | CVE-2020-22124 | Files or Directories Accessible to External Parties vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. | 7.5 |
| 2019-10-04 | CVE-2019-17175 | Path Traversal vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal. | 7.5 |
| 2018-03-15 | CVE-2018-8717 | Cross-Site Request Forgery (CSRF) vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. | 8.8 |