14 matches found
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2020-20601
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...
CVE-2020-20601
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
ThinkCMF SQL Injection Vulnerability
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost method in ArticleController.class.php in ThinkCMF X2.2.2, which can be exploited by a normal authenticated user to perform a SQL injection attack via the postid1 parameter ...