
154 matches found

RedhatCVE
added 2025/05/22 7:34 a.m. · 4 views

CVE-2018-15129

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment=do content parameter...

CVSS 5.4 · AI score 5.9 · EPSS 0.00206
Exploits: 1 · References: 1

OSV
added 2024/07/21 7:15 a.m. · 1 view

CVE-2024-6942

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to...

CVSS 5.4 · AI score 6 · EPSS 0.00129
Exploits: 1 · References: 4

NVD
added 2024/07/21 7:15 a.m. · 10 views

CVE-2024-6942

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to...

CVSS 5.4 · EPSS 0.00129
Exploits: 1 · References: 4

Vulnrichment
added 2024/07/21 6:31 a.m. · 8 views

CVE-2024-6942 ThinkSAAS Admin Panel Security Center anti.php cross site scripting

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to...

CVSS 5.3 · AI score 6.2 · EPSS 0.00129
Exploits: 1 · References: 4

Cvelist
added 2024/07/21 6:31 a.m. · 18 views

CVE-2024-6942 ThinkSAAS Admin Panel Security Center anti.php cross site scripting

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to...

CVSS 5.3 · EPSS 0.00129
Exploits: 1 · References: 4

CVE
added 2024/07/21 6:31 a.m. · 40 views

CVE-2024-6942

ThinkSAAS 3.7.0 Admin Panel Security Center contains a cross-site scripting flaw in file app/system/action/anti.php. Manipulating ip, email, or phone arguments can be exploited remotely; exploit has been disclosed publicly. Multiple connected sources confirm affected software and component. Pract...

CVSS 5.4 · AI score 3.7 · EPSS 0.00129
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/07/21 6:15 a.m. · 3 views

CVE-2024-6941

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scriptin...

CVSS 5.4 · AI score 6.1
Exploits: 0 · References: 4

CVE
added 2024/07/21 6:00 a.m. · 45 views

CVE-2024-6941

ThinkSAAS 3.7.0 is affected by a cross-site scripting vulnerability in the processing of app/system/action/do.php. The issue arises from manipulating arguments site_title, site_subtitle, site_key, site_desc, site_url, site_email, and site_icp, enabling potential remote exploitation. The PT-Securi...

CVSS 5.4 · AI score 3.8 · EPSS 0.00129
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2024/07/21 6:00 a.m. · 13 views

CVE-2024-6941 ThinkSAAS do.php cross site scripting

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scriptin...

CVSS 5.3 · AI score 6.2 · EPSS 0.00129
Exploits: 1 · References: 4

Cvelist
added 2024/07/21 6:00 a.m. · 21 views

CVE-2024-6941 ThinkSAAS do.php cross site scripting

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scriptin...

CVSS 5.3 · EPSS 0.00129
Exploits: 1 · References: 4

Positive Technologies
added 2024/07/21 12:00 a.m. · 4 views

PT-2024-37979

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0 Description: A problematic issue has been found in the processing of the file app/system/action/do.php. The manipulation of the arguments site title, site subtitle, site key, site desc, site url, site email, site icp lea...

CVSS 5.4 · AI score 3.3 · EPSS 0.00129
Exploits: 1 · References: 10

Positive Technologies
added 2024/07/21 12:00 a.m. · 3 views

PT-2024-37980 · Thinksaas · Thinksaas

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0 Description: A problematic issue was found in the Admin Panel Security Center component, specifically in the file app/system/action/anti.php. The manipulation of the ip, email, or phone argument leads to cross-site...

CVSS 5.4 · AI score 4.3 · EPSS 0.00129
Exploits: 1 · References: 8

CNVD
added 2024/07/19 12:00 a.m. · 4 views

ThinkSAAS SQL Injection Vulnerability (CNVD-2024-35182)

ThinkSAAS is a flexible, open building system whose code is completely open source. ThinkSAAS version 3.7.0 contains a SQL injection vulnerability. The vulnerability stems from the name parameter in \system\action\update.php lacking validation of external input SQL...

CVSS 9.8 · AI score 8 · EPSS 0.00255
Exploits: 1 · References: 1

NVD
added 2024/07/16 8:15 p.m. · 10 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

CVSS 9.8 · EPSS 0.00255
Exploits: 1 · References: 1

OSV
added 2024/07/16 8:15 p.m. · 5 views

CVE-2024-40455

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...

CVSS 2.7 · AI score 6.8
Exploits: 0 · References: 1

NVD
added 2024/07/16 8:15 p.m. · 13 views

CVE-2024-40455

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...

CVSS 2.7 · EPSS 0.00132
Exploits: 1 · References: 1

OSV
added 2024/07/16 8:15 p.m. · 5 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

CVSS 9.8 · AI score 8.2
Exploits: 0 · References: 1

CVE
added 2024/07/16 12:00 a.m. · 43 views

CVE-2024-40456

ThinkSAAS v3.7.0 contains an SQL injection vulnerability exploitable via the name parameter in /system/action/update.php. Root cause described in connected sources as insufficient validation of external input in that endpoint. CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no pri...

CVSS 9.8 · AI score 8.5 · EPSS 0.00255
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/07/16 12:00 a.m. · 2 views

PT-2024-28854 · Thinksaas · Thinksaas

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the name parameter at the "/system/action/update.php" API endpoint. Recommendations: For ThinkSAAS version...

CVSS 9.8 · AI score 9.4 · EPSS 0.00255
Exploits: 1 · References: 6

CVE
added 2024/07/16 12:00 a.m. · 48 views

CVE-2024-40455

CVE-2024-40455 concerns ThinkSAAS 3.7, where an arbitrary file deletion vulnerability can be triggered by a crafted request. The available documents identify the affected product/version and the broad impact (arbitrary files deletion) but do not provide detailed root cause, specific affected comp...

CVSS 2.7 · AI score 7.1 · EPSS 0.00132
Exploits: 1 · References: 1 · Affected Software: 1