154 matches found
CVE-2020-18741
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."...
Authorization
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."...
CVE-2020-18741
CVE-2020-18741 corresponds to an authorization vulnerability in ThinkSAAS v2.7. The issue allows remote attackers to modify the description of any user’s photo through the parameters photoid[] and photodesc[] in the component index.php?app=photo. The root cause is improper authorization, enabling...
ThinkSAAS security vulnerability
ThinkSAAS is an open source community development system based on PHP and MySQL. ThinkSAAS version 2.7 has an authorization vulnerability, which remote attackers can exploit to modify the description of any user's photo via the "photoid%5B%5D" and...
ThinkSAAS SQL Injection Vulnerability (CNVD-2021-27807)
ThinkSAAS is a lightweight PHP open source community system that can be used to build discussion groups, BBS forums and circles. ThinkSAAS before version 3.38 has a SQL injection vulnerability. The vulnerability is caused by the...
CVE-2020-35337
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...
SQL injection
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...
CVE-2020-35337
ThinkSAAS before 3.38 has a SQL injection vulnerability in the admin topic page, exposed via the title parameter in app/topic/action/admin/topic.php. The root cause is insufficient input validation/sanitization of the title, enabling arbitrary SQL execution by remote attackers. ...
ThinkSAAS SQL injection vulnerability
ThinkSAAS is a lightweight PHP open source community system that can be used to build discussion groups, BBS forums and circles. ThinkSAAS before version 3.38 has a SQL injection vulnerability. The vulnerability is caused by the...
SQL Injection Vulnerability in ThinkSaaS Open Source Community Foundation Edition
ThinkSAAS open source community is a lightweight open source community system that can be used to build discussion groups, BBS and circles. ThinkSaaS Open Source Community Basic Edition has a SQL injection vulnerability. Attackers can exploit the vulnerability ...
ThinkSAAS open source community has an XSS vulnerability
ThinkSAAS open source community is a lightweight open source community system that can be used to build discussion groups, BBS and circles. ThinkSAAS open source community has an XSS vulnerability; attackers can use the vulnerability to obtain sensitive information...
CVE-2019-16665
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element...
CVE-2019-16664
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter...
Design/Logic Flaw
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter...