Jtbc : Security Vulnerabilities, CVEs, (Directory traversal)

CVE-2019-9662

An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring.
Max CVSS
7.5
EPSS Score
0.11%
Published
2019-03-11
Updated
2020-08-24

CVE-2018-17838

An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.
Max CVSS
7.5
EPSS Score
0.90%
Published
2018-10-01
Updated
2018-11-28

CVE-2018-17837

An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.
Max CVSS
7.5
EPSS Score
0.11%
Published
2018-10-01
Updated
2020-08-24

CVE-2018-17836

An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.
Max CVSS
8.8
EPSS Score
0.44%
Published
2018-10-01
Updated
2020-08-24
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close