Main Vulnerability Database Vulnerabilities #VU37068

SQL injection in joyplus cms - CVE-2018-12039

Published: June 7, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37068

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-12039

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: joyplus

Affected software:
joyplus cms

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring.

How to mitigate CVE-2018-12039

Install update from vendor's website.

Sources

https://github.com/joyplus/joyplus-cms/issues/425

SQL injection in joyplus cms - CVE-2018-12039

Detailed vulnerability description

How to mitigate CVE-2018-12039

Sources

Please verify you're human