CVE-2018-14334

Name: CVE-2018-14334
Creator: NVD / NIST
Published: 2018-07-17T02:29:00.44+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.66%

Last modified Jun 17, 2026

CVE-2018-14334 is a vulnerability of currently unknown severity. manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.. EPSS estimates a 1.66% chance of exploitation in the next 30 days.

Description

manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.

Metrics

EPSS Probability

1.66%

73.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-434

Affected Software

Vendor	Product	Versions
Joyplus-Cms Project	Joyplus-Cms	1.6.0

References

https://github.com/joyplus/joyplus-cms/issues/428Exploit, Third Party Advisory
https://github.com/joyplus/joyplus-cms/issues/428Exploit, Third Party Advisory

Timeline

Published: Jul 17, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-14334?

How severe is CVE-2018-14334?

Severity scoring for CVE-2018-14334 is pending analysis. The EPSS model estimates a 1.66% probability of exploitation in the next 30 days.

How do I fix CVE-2018-14334?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-14334?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST