CVE-2018-16449

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...

Onethink CMS Server Side Request Forgery Vulnerability

Onethink CMS versions released up to date 2018/04/06 suffer from a server-side request forgery vulnerability. SSRFPS"Server Side Request ForgeryPSc in Onethink All version CVE-2017-14323 The Onethink is an open source CMSContent Management System.This system is based on the Thinkphp3.2 developmen...