
825 matches found

CNVD
added 2018/05/11 12:0 a.m., 4 views

thinkphp SQL Injection Vulnerability (CNVD-2018-09389)

thinkphp is an open source, PHP-based lightweight web application development framework. A SQL injection vulnerability exists in thinkphp version 3.1.3. A remote attacker can use the 's' parameter to send a specially crafted SQL statement to the index.php file to exploit the vulnerability t...

9.8 CVSS, 7.9 AI score, 0.01135 EPSS
Exploits: 0, References: 1
seebug.org
added 2018/05/02 12:0 a.m., 87 views

Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919)

Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919). The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the Thinkphp development framework. Product Download: http://www.tp-shop.cn/Index/Index/download.html Vulnerabili...

7.5 CVSS, 2 AI score, 0.04825 EPSS
Exploits: 4
0day.today
added 2018/05/02 12:0 a.m., 97 views

Tpshop 2.0.8 Arbitrary File Download / SSRF Vulnerability

Tpshop versions 2.0.8 and below suffer from arbitrary file download and server-side request forgery vulnerabilities. Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919). The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based...

0.1 AI score, 0.04825 EPSS
Exploits: 4
Packet Storm
added 2018/05/02 12:0 a.m., 188 views

Tpshop 2.0.8 Arbitrary File Download / SSRF

Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919). The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the Thinkphp development framework. Product Download: http://www.tp-shop.cn/Index/Index/download.html Vulnerabili...

9.7 AI score, 0.04825 EPSS
Exploits: 4
Prion
added 2018/04/19 8:29 a.m., 20 views

SQL injection

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

7.5 CVSS, 9.9 AI score, 0.01135 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2018/04/19 8:29 a.m., 17 views

CVE-2018-10225

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

9.8 CVSS, 10 AI score
Exploits: 0, References: 1
NVD
added 2018/04/19 8:29 a.m., 21 views

CVE-2018-10225

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

9.8 CVSS, 10 AI score, 0.01135 EPSS
Exploits: 0, References: 1
Cvelist
added 2018/04/19 8:0 a.m., 28 views

CVE-2018-10225

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

10 AI score, 0.01135 EPSS
Exploits: 0, References: 1
CVE
added 2018/04/19 8:0 a.m., 105 views

CVE-2018-10225

CVE-2018-10225 affects thinkphp 3.1.3. The vulnerability is a SQL injection via the index.php?s parameter, enabling crafted SQL statements to affect the backend database. Exploitation details are not provided in the connected documents; the CVSS info from NVD indicates CRITICAL impact (AV:N/AC:L/...

9.8 CVSS, 9.9 AI score, 0.01135 EPSS
Exploits: 0, References: 1, Affected Software: 1
seebug.org
added 2018/04/17 12:0 a.m., 373 views

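Thinkphp 3.2.3 latest version update injection vulnerability

Originally published on Anquanke (安全客), author: 0r3ak@0kee Team. Original: Brief description: thinkphp is a well-known PHP development framework in China, with complete development documentation and an MVC-based architecture. Thinkphp 3.2.3 is currently the most widely used thinkphp version; although development of new features has stopped, it is more widely adopted than the newer thinkphp5 series. Because the framework's safe database implementation concatenates SQL statements when updating data with update, SQL injection occurs when a passed-in array is not filtered. Git patch update: a new BIND expression was added. Vulnerability details...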

0.4 AI score
Exploits: 0
CNVD
added 2018/04/11 12:0 a.m., 2 views

MobileCms v1.2 Arbitrary File Upload Vulnerability

MobileCms is a backend content management system developed on the ThinkPhp framework. It provides API interfaces that Android, iPhone, PhoneGap and Windows Phone clients can call; developers only need to make simple changes to provide interface data for mobile devices. MobileCms v1.2 there are...

7.1 AI score
Exploits: 0
0day.today
added 2018/04/03 12:0 a.m., 40 views

Tpshop <= 2.0.6 Server Side Request Forgery Vulnerability

Exploit for php platform in category web applications. SSRF (Server Side Request Forgery) in Tpshop <= 2.0.6 (CVE-2017-16614). The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the Thinkphp development framewor...

9.2 AI score, 0.03001 EPSS
Exploits: 1
CNVD
added 2018/04/02 12:0 a.m., 1 views

XSS Vulnerability in StartBBS Lightweight Micro Community System at Postings

StartBBS Lightweight Micro Community System is an elegant, open source, lightweight community system based on Thinkphp 5.15 & Layui, with its own article system. StartBBS lightweight micro-community system v2.0.0 has a stored XSS vulnerability in the posting function; the attacker can inser...

6.5 AI score
Exploits: 0
CNVD
added 2018/03/23 12:0 a.m., 1 views

Arbitrary File Download Vulnerability in LaySNS

LaySNS Light Community is a comprehensive website system based on ThinkPHP5+LayUI that integrates content publishing and community exchange. LaySNS has an arbitrary file download vulnerability that allows an attacker to download any file on the system...

7 AI score
Exploits: 0
CNVD
added 2018/03/18 12:0 a.m., 1 views

XML entity injection vulnerability in CLTPHP version 5.5.3

CLTPHP is a content management system developed in ThinkPHP with the Layui framework in the backend. CLTPHP version 5.5.3 has an XML entity injection vulnerability in the program implementation, which can be exploited by attackers to read arbitrary files, execute system commands, probe intranet...

7.5 AI score
Exploits: 0
CNVD
added 2018/03/09 12:0 a.m., 1 views

Directory Traversal Vulnerability in CLTPHP Version 5.5.3

CLTPHP is a content management system developed on ThinkPHP5, with the Layui framework in the backend. A directory traversal vulnerability exists in CLTPHP version 5.5.3, which can be exploited by attackers to obtain sensitive information...

6.7 AI score
Exploits: 0
CNVD
added 2018/02/23 12:0 a.m., 3 views

LvyeCms v3.1 has an arbitrary file creation vulnerability

LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. LvyeCms v3.1 has an arbitrary file creation vulnerability because the system fails to fully filter the incoming file content and path parameters. An attacker can use this vulnerability to upload Troja...

7.2 AI score
Exploits: 0
CNVD
added 2018/02/15 12:0 a.m., 1 views

Code execution vulnerability in lyadmin

lyadmin is a lightweight general-purpose admin backend built with ThinkPHP + Bootstrap3, with built-in system settings, upload management, rights management, module management, plug-in management and other functions. lyadmin v1.2.0 has a code execution vulnerability,...

7.8 AI score
Exploits: 0
CNVD
added 2018/01/14 12:0 a.m., 1 views

File inclusion vulnerability in the get_url_contents() method of the DSmall Multi-User Mall system

DSmall is a multi-user mall system developed with thinkPHP as the framework. The get_url_contents method of the DSmall multi-user mall system has a file inclusion vulnerability that allows attackers to remotely execute arbitrary code...

7.6 AI score
Exploits: 0
CNVD
added 2017/12/26 12:0 a.m., 1 views

Code execution vulnerability in AddonsController.class.php file in backend of Thunderwind Movie CMS v3.3.4

Thunderwind Movie CMS is a PHP film and television content management program developed on the THINKPHP3.2.3 framework, suitable for all kinds of video, film and television websites. A code execution vulnerability exists in the AddonsController.class.php file in the backend of Thunderwind CMS...

7.6 AI score
Exploits: 0