JinzoraCVEs & Vulnerabilities
6 CVEs affecting Jinzora products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
Most Affected Products
Directory traversal vulnerability in index.php in Jinzora Media Jukebox 2.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter.
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php.
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.