Every CVE whose affected-product data names Jtbc Jtbc Php, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2018-17836 — CVSS 8.8 (high): An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?t…
CVE-2018-18436 — CVSS 8.8 (high): JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.
CVE-2018-19327 — CVSS 8.8 (high): An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVE-2018-19546 — CVSS 8.8 (high): JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content…
CVE-2019-8433 — CVSS 7.5 (high): JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
CVE-2019-9662 — CVSS 7.5 (high): An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted…
CVE-2018-17837 — CVSS 7.5 (high): An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&p…
CVE-2018-17838 — CVSS 7.5 (high): An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list…