58 matches found
CVE-2024-33444
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...
OneThink Security Vulnerability
OneThink is an open source content management framework. A security vulnerability exists in OneThink version v.1.1, which stems from an elevation of privilege vulnerability in the ModelModel.class.php component...
SQL injection vulnerability in yershop mall system
The yershop mall system is a comprehensive mall system based on the onethink content management framework and the new version of thinkphp3.2.3. There is a SQL injection vulnerability in yershop mall system. An attacker can exploit this vulnerability to gain server privileges...
Command execution vulnerability exists in OneThink (CNVD-2021-30190)
OneThink is an open source content management framework. OneThink suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
Command Execution Vulnerability in OneThink
OneThink is an open source content management framework. OneThink suffers from a command execution vulnerability that can be exploited by an attacker to gain control of a web server...
Command execution vulnerability exists in OneThink (CNVD-2021-22773)
OneThink is an open source content management framework. OneThink suffers from a command execution vulnerability that can be exploited by an attacker to gain control of a web server...
OneThink Pu***.cl***.php file suffers from a universal password bypass vulnerability
OneThink is an open source content management framework. A universal password bypass vulnerability exists in the OneThink Pu***.cl***.php file. An attacker can exploit the vulnerability to obtain sensitive data...
File Inclusion Vulnerability in opensns
OpenSNS is a lightweight social user center framework based on OneThink. The system adheres to a minimalist design style and focuses on communication. A file inclusion vulnerability exists in OpenSNS, which can be exploited by an attacker to gain control of the web server...
Code Execution Vulnerability in OpenSNS
OpenSNS is a lightweight social user center framework based on OneThink. The system adheres to a minimalist design style and focuses on communication. A code execution vulnerability exists in OpenSNS, which can be exploited by an attacker to gain control of the web server...
Code Execution Vulnerability in OpenSNS V5
OpenSNS is a lightweight social user center framework based on OneThink. The system adheres to a minimalist design style and focuses on communication. A code execution vulnerability exists in OpenSNS, which can be exploited by an attacker to obtain server information...
SQL Injection Vulnerability in the Frontend of the Latest Version of OpenSNS
OpenSNS is a lightweight social user center framework based on OneThink. The system adheres to a minimalist design style and focuses on communication. The latest version of OpenSNS has a SQL injection vulnerability in the frontend, which can be exploited by attackers to obtain database informatio...
CVE-2018-16449
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...
Cross site request forgery (csrf)
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...
CVE-2018-16449
CVE-2018-16449 affects OneThink 1.1.141212, enabling cross-site request forgery (CSRF) to perform admin actions: adding a page (admin.php?s=/Channel/add.html), adding a blog (admin.php?s=/Article/update.html), and changing audit state (admin.php?s=/Article/setStatus/status/1.html). The connected ...
Cross site request forgery (csrf)
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges...
Cross site request forgery (csrf)
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user...
CVE-2018-15197
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges...