Critical severity9.8NVD Advisory· Published Sep 21, 2019· Updated Jun 17, 2026
CVE-2019-16656
CVE-2019-16656
Description
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
Affected products
2- joyplus-cms/joyplus-cmsdescription
- Range: =1.6.0
Patches
Vulnerability mechanics
References
1- github.com/joyplus/joyplus-cms/issues/442nvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.