CVE-2019-16656

Name of the Vulnerable Software and Affected Versions joyplus-cms version 1.6.0

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by accessing the /install API endpoint and placing the malicious code in the name of an object in the database.

Recommendations For joyplus-cms version 1.6.0, consider restricting access to the /install endpoint until a patch is available. As a temporary workaround, avoid using the /install endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.