149 matches found
CVE-2019-7580
ThinkCMF 5.0.190111 is vulnerable to remote code execution via the portal/admin_category/addpost.html alias parameter, caused by mishandling of a single quote that allows data/conf/route.php injection. Red Hat and other records confirm CVE-2019-7580, but the provided documents do not specify a pa...
CVE-2019-7580
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admincategory/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a fileputcontents call...
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a fileputcontents call...
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a fileputcontents call...
CVE-2019-6713
The CVE-2019-6713 entry describes a remote PHP code execution in ThinkCMF 5.0.190111 caused by app\admin\controller\RouteController.php. Web attackers can leverage vectors like portal/List/index and list/:id to inject code into data\conf\route.php, demonstrated via file_put_contents. Affected com...
File Inclusion Vulnerability in ThinkCMF 2.2.3 Frontend Plu*** File
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A file inclusion vulnerability exists in the ThinkCMF 2.2.3 front-end Plu page. An attacker can exploit this vulnerability to write a webshell and obtain web privileges...
File Inclusion Vulnerability in ThinkCMF 2.2.3 Frontend Wid*** File
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. ThinkCMF 2.2.3 file inclusion vulnerability exists in the frontend Wid file. An attacker can exploit this vulnerability to write a webshell and obtain web privileges...
SQL Injection Vulnerability in ThinkCMF 2.2.3 cl***.php Page
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A SQL injection vulnerability exists in the ThinkCMF 2.2.3 cl.php page. An attacker can exploit this vulnerability to obtain sensitive database information...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
Sql injection
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...