Lucene search
K

149 matches found

Cvelist
Cvelist
added 2022/12/01 12:0 a.m.36 views

CVE-2022-40849

ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...

5.4AI score0.00394EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/01 12:0 a.m.6 views

CVE-2022-40489

ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...

7.2AI score0.00343EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.8 views

PT-2022-25405 · Thinkcmf · Thinkcmf

Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.7 Description: The issue allows a Super Administrator user to be injected into administrative users due to a Cross Site Request Forgery CSRF vulnerability. Recommendations: For ThinkCMF version 6.0.7, update to a version...

8.8CVSS7.1AI score0.00343EPSS
Exploits1References10
Cvelist
Cvelist
added 2022/12/01 12:0 a.m.34 views

CVE-2022-40489

ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...

9AI score0.00343EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.5 views

ThinkCMF 跨站脚本漏洞

ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.7, which stems from susceptibility to a stored cross-site scripting XSS vulnerability. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...

5.4CVSS5.8AI score0.00394EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.5 views

PT-2022-25579 · Thinkcmf · Thinkcmf

Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.7 Description: The issue allows an attacker to inject a Persistent XSS payload in the Slideshow Management section, executing arbitrary JavaScript code on the client side. This could be used to steal the administrator's P...

5.4CVSS6.6AI score0.00394EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2022/12/01 12:0 a.m.7 views

CVE-2022-40849

ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...

5.8AI score0.00394EPSS
Exploits1References1
CVE
CVE
added 2022/12/01 12:0 a.m.65 views

CVE-2022-40849

ThinkCMF 6.0.7 is affected by a Stored XSS vulnerability in the Slideshow Management section. The flaw allows an attacker to inject a persistent XSS payload that executes arbitrary JavaScript on the client, potentially enabling theft of the administrator’s PHPSESSID. The available documents do no...

5.4CVSS5.2AI score0.00394EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/15 12:0 a.m.34 views

Incorrect Authorization in thinkcmf

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...

6.5CVSS4.1AI score0.00724EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/06/15 12:0 a.m.27 views

GHSA-V25C-8349-V2Q3 Incorrect Authorization in thinkcmf

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...

6.5CVSS6.5AI score0.00724EPSS
Exploits1References3
NVD
NVD
added 2022/06/14 10:15 a.m.13 views

CVE-2021-40616

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...

6.5CVSS0.00724EPSS
Exploits1References1
OSV
OSV
added 2022/06/14 10:15 a.m.12 views

CVE-2021-40616

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...

6.5CVSS6.6AI score
Exploits0References1
CVE
CVE
added 2022/06/14 9:55 a.m.86 views

CVE-2021-40616

CVE-2021-40616 affects ThinkCMF v5.1.7. A vulnerability in the back-end user management group permissions allows an attacker to modify the administrator (id=1) password when the background user management group authority is required. This is classified as an Incorrect Authorization issue affectin...

6.5CVSS6.5AI score0.00724EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/14 9:55 a.m.19 views

CVE-2021-40616

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...

6.7AI score0.00724EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.4 views

PT-2022-11280 · Thinkcmf · Thinkcmf

Name of the Vulnerable Software and Affected Versions: thinkcmf version 5.1.7 Description: The issue allows an attacker to modify the password of the administrator account with id 1 through the background user management group permissions. This is possible when the background user management grou...

6.5CVSS6.5AI score0.00724EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.4 views

ThinkCMF 安全漏洞

ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF v5.1.7, which can be exploited by an attacker to modify the password of an administrator account with id 1 via the back-end user management group privileges...

6.5CVSS6.5AI score0.00724EPSS
Exploits1References2
OSV
OSV
added 2022/05/24 7:7 p.m.10 views

GHSA-842M-VP3R-QWWR ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability in ThinkCMF, which can add an admin account...

6.5CVSS6.5AI score0.00473EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/24 7:7 p.m.18 views

ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability in ThinkCMF, which can add an admin account...

6.5CVSS7AI score0.00473EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2021/12/23 12:0 a.m.17 views

ThinkCMF Injection Vulnerability

ThinkCMF is a CMS Content Management System based on ThinkPHP. thinkCMF version X2.2.2 has a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted package...

9.8CVSS6.2AI score0.07598EPSS
Exploits1References1
OSV
OSV
added 2021/12/22 11:15 p.m.19 views

CVE-2020-20601

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...

9.8CVSS7.7AI score
Exploits0References1
Rows per page
Query Builder