Vulnerabilities > Joyplus Project > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-21 | CVE-2019-16656 | Unspecified vulnerability in Joyplus Project Joyplus 1.6.0 joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | 9.8 |
| 2018-07-22 | CVE-2018-14501 | SQL Injection vulnerability in Joyplus Project Joyplus-Cms 1.6.0 manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. | 9.8 |