Vulnerabilities > Joyplus Project > Joyplus > 1.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-21 | CVE-2019-16660 | Cross-Site Request Forgery (CSRF) vulnerability in Joyplus Project Joyplus 1.6.0 joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | 8.8 |
| 2019-09-21 | CVE-2019-16656 | Unspecified vulnerability in Joyplus Project Joyplus 1.6.0 joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | 9.8 |
| 2019-09-21 | CVE-2019-16655 | Unspecified vulnerability in Joyplus Project Joyplus 1.6.0 joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. | 7.5 |