
149 matches found

CVE
added 2019/02/07 5:00 p.m., 50 views

CVE-2019-7580

ThinkCMF 5.0.190111 is vulnerable to remote code execution via the portal/admin_category/addpost.html alias parameter, caused by mishandling of a single quote that allows data/conf/route.php injection. Red Hat and other records confirm CVE-2019-7580, but the provided documents do not specify a pa...

CVSS 8.8 | AI score 9.1 | EPSS 0.09935
Exploits: 3 | References: 2 | Affected Software: 1
Cvelist
added 2019/02/07 5:00 p.m., 30 views

CVE-2019-7580

ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...

AI score 9.2 | EPSS 0.09935
Exploits: 3 | References: 2
NVD
added 2019/01/23 9:29 p.m., 17 views

CVE-2019-6713

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call...

CVSS 9.8 | AI score 9.6 | EPSS 0.02365
Exploits: 0 | References: 2
OSV
added 2019/01/23 9:29 p.m., 8 views

CVE-2019-6713

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call...

CVSS 9.8 | AI score 7.8
Exploits: 0 | References: 2
Cvelist
added 2019/01/23 9:00 p.m., 28 views

CVE-2019-6713

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call...

AI score 9.7 | EPSS 0.02365
Exploits: 0 | References: 2
CVE
added 2019/01/23 9:00 p.m., 46 views

CVE-2019-6713

The CVE-2019-6713 entry describes a remote PHP code execution in ThinkCMF 5.0.190111 caused by app\admin\controller\RouteController.php. Web attackers can leverage vectors like portal/List/index and list/:id to inject code into data\conf\route.php, demonstrated via file_put_contents. Affected com...

CVSS 9.8 | AI score 9.6 | EPSS 0.02365
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2018/12/09 12:00 a.m., 3 views

File Inclusion Vulnerability in ThinkCMF 2.2.3 Frontend Plu*** File

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A file inclusion vulnerability exists in the ThinkCMF 2.2.3 front-end Plu page. An attacker can exploit this vulnerability to write a webshell and obtain web privileges...

AI score 6.9
Exploits: 0
CNVD
added 2018/12/09 12:00 a.m., 2 views

File Inclusion Vulnerability in ThinkCMF 2.2.3 Frontend Wid*** File

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. ThinkCMF 2.2.3 file inclusion vulnerability exists in the frontend Wid file. An attacker can exploit this vulnerability to write a webshell and obtain web privileges...

AI score 6.9
Exploits: 0
CNVD
added 2018/12/09 12:00 a.m., 2 views

SQL Injection Vulnerability in ThinkCMF 2.2.3 cl***.php Page

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A SQL injection vulnerability exists in the ThinkCMF 2.2.3 cl.php page. An attacker can exploit this vulnerability to obtain sensitive database information...

AI score 7.8
Exploits: 0
OSV
added 2018/12/06 4:29 a.m., 15 views

CVE-2018-19897

ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...

CVSS 7.2 | AI score 8.2
Exploits: 0 | References: 1
Prion
added 2018/12/06 4:29 a.m., 15 views

Sql injection

ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...

CVSS 6.5 | AI score 9 | EPSS 0.01387
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/12/06 4:29 a.m., 16 views

CVE-2018-19898

ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...

CVSS 8.8 | AI score 9.1 | EPSS 0.01387
Exploits: 1 | References: 1
NVD
added 2018/12/06 4:29 a.m., 20 views

CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

CVSS 7.2 | AI score 7.5 | EPSS 0.01326
Exploits: 1 | References: 1
Prion
added 2018/12/06 4:29 a.m., 13 views

Sql injection

ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...

CVSS 6.5 | AI score 7.5 | EPSS 0.01326
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/12/06 4:29 a.m., 15 views

CVE-2018-19897

ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...

CVSS 7.2 | AI score 7.5 | EPSS 0.01326
Exploits: 1 | References: 1
Prion
added 2018/12/06 4:29 a.m., 11 views

Sql injection

ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...

CVSS 6.5 | AI score 7.5 | EPSS 0.01326
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/12/06 4:29 a.m., 54 views

CVE-2018-19896

ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...

CVSS 7.2 | AI score 7.5 | EPSS 0.01326
Exploits: 1 | References: 1
Prion
added 2018/12/06 4:29 a.m., 15 views

Sql injection

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

CVSS 6.5 | AI score 7.5 | EPSS 0.01326
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2018/12/06 4:29 a.m., 16 views

CVE-2018-19896

ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...

CVSS 7.2 | AI score 8.2
Exploits: 0 | References: 1
OSV
added 2018/12/06 4:29 a.m., 15 views

CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

CVSS 7.2 | AI score 8.2
Exploits: 0 | References: 1