PT-2018-12449 · Joyplus · Joyplus-Cms

Published 2018-07-17 · Updated 2018-09-17 · CVE-2018-14334

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: joyplus-cms version 1.6.0

Description: The issue allows for arbitrary file upload due to insufficient detection of prohibited file extensions in the manager/editor/upload.php file. This can lead to the upload and execution of a .php file.

Recommendations: For joyplus-cms version 1.6.0, consider restricting access to the upload functionality in manager/editor/upload.php until a proper fix is implemented to prevent the upload of malicious files, such as .php files. As a temporary workaround, consider adding additional validation to ensure that only allowed file types can be uploaded.
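As an added illustration of the recommended validation (not joyplus-cms's own code), the weak "prohibited extensions" pattern the advisory describes is shown next to an allowlist-based handler; the function names, the `$uploadDir` argument and the set of permitted image types are assumptions:

```php
<?php
// Added example, not code from joyplus-cms. Assumed inputs: one entry of
// $_FILES and an upload directory that is served without script execution.

// Weak pattern: a denylist of "prohibited" extensions. It only blocks what
// it names, so any extension the author forgot to list is accepted.
function isAllowedDenylist(string $filename): bool
{
    $blocked = ['php'];                       // assumed denylist contents
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Hardened pattern: fail closed with an allowlist, verify the file bytes
// rather than the client-supplied type, and never reuse the client name.
function storeUploadSafely(array $file, string $uploadDir): ?string
{
    $allowed = [                               // assumed permitted types
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;                           // transport error or forged path
    }
    // Only the final extension is considered, and it must be on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    // Sniff the actual content; $file['type'] comes from the client.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        return null;
    }
    // Server-generated name: the original filename never reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    return $name;                              // stored name, or null if rejected
}
```

Serving the upload directory with script execution disabled is an additional layer; the allowlist check above does not depend on it.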

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2018-14334

Affected Products: Joyplus-Cms