149 matches found
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40489
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
PT-2022-25405 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.7 Description: The issue allows a Super Administrator user to be injected into administrative users due to a Cross Site Request Forgery CSRF vulnerability. Recommendations: For ThinkCMF version 6.0.7, update to a version...
CVE-2022-40489
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
ThinkCMF 跨站脚本漏洞
ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.7, which stems from susceptibility to a stored cross-site scripting XSS vulnerability. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...
PT-2022-25579 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.7 Description: The issue allows an attacker to inject a Persistent XSS payload in the Slideshow Management section, executing arbitrary JavaScript code on the client side. This could be used to steal the administrator's P...
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40849
ThinkCMF 6.0.7 is affected by a Stored XSS vulnerability in the Slideshow Management section. The flaw allows an attacker to inject a persistent XSS payload that executes arbitrary JavaScript on the client, potentially enabling theft of the administrator’s PHPSESSID. The available documents do no...
Incorrect Authorization in thinkcmf
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...
GHSA-V25C-8349-V2Q3 Incorrect Authorization in thinkcmf
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...
CVE-2021-40616
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...
CVE-2021-40616
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...
CVE-2021-40616
CVE-2021-40616 affects ThinkCMF v5.1.7. A vulnerability in the back-end user management group permissions allows an attacker to modify the administrator (id=1) password when the background user management group authority is required. This is classified as an Incorrect Authorization issue affectin...
CVE-2021-40616
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required...
PT-2022-11280 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: thinkcmf version 5.1.7 Description: The issue allows an attacker to modify the password of the administrator account with id 1 through the background user management group permissions. This is possible when the background user management grou...
ThinkCMF 安全漏洞
ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF v5.1.7, which can be exploited by an attacker to modify the password of an administrator account with id 1 via the back-end user management group privileges...
GHSA-842M-VP3R-QWWR ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability in ThinkCMF, which can add an admin account...
ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability in ThinkCMF, which can add an admin account...
ThinkCMF Injection Vulnerability
ThinkCMF is a CMS Content Management System based on ThinkPHP. thinkCMF version X2.2.2 has a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted package...
CVE-2020-20601
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...