CVE-2019-16660

Name of the Vulnerable Software and Affected Versions joyplus-cms version 1.6.0

Description The issue concerns a CSRF vulnerability in the admin ajax.php endpoint, specifically with the action=savexml and tab=vodplay parameters. This allows for potential unauthorized actions.

Recommendations For joyplus-cms version 1.6.0, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests to the admin ajax.php endpoint. As a temporary workaround, restrict access to the admin ajax.php endpoint, especially for the savexml action and vodplay tab, until a proper fix is applied.