Jtbc

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2018-17836	Jtbc Jtbc	Hig	0.57	8.8	0.02		Oct 1, 2018	An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.
CVE-2018-17838	Avaterxxx Jtbc	Hig	0.49	7.5	0.02		Oct 1, 2018	An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.

CVE-2018-17836HigOct 1, 2018
Jtbc
Jtbc
risk 0.57cvss 8.8epss 0.02
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.
CVE-2018-17838HigOct 1, 2018
Avaterxxx
Jtbc
risk 0.49cvss 7.5epss 0.02
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.