/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.
CVSS: 8.8, AI Score: 8.6, EPSS: 0.001
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.
CVSS: 8.8, AI Score: 8.9, EPSS: 0.004
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.
CVSS: 7.5, AI Score: 7.4, EPSS: 0.001
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.
CVSS: 7.5, AI Score: 7.3, EPSS: 0.006
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.
CVSS: 8.8, AI Score: 8.6, EPSS: 0.001
An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type=action&action=add allows CSRF.
CVSS: 8.8, AI Score: 8.6, EPSS: 0.001
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
CVSS: 8.8, AI Score: 8.3, EPSS: 0.003
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.
CVSS: 6.1, AI Score: 6, EPSS: 0.001
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file.
CVSS: 7.5, AI Score: 7.5, EPSS: 0.001
An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring.
CVSS: 7.5, AI Score: 7.5, EPSS: 0.001