Lucene search
K

149 matches found

OSV
OSV
added 2018/12/06 4:29 a.m.15 views

CVE-2018-19897

ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...

7.2CVSS8.2AI score
Exploits0References1
OSV
OSV
added 2018/12/06 4:29 a.m.15 views

CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

7.2CVSS8.2AI score
Exploits0References1
OSV
OSV
added 2018/12/06 4:29 a.m.17 views

CVE-2018-19896

ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...

7.2CVSS8.2AI score
Exploits0References1
NVD
NVD
added 2018/12/06 4:29 a.m.17 views

CVE-2018-19895

ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...

7.2CVSS7.5AI score0.01326EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/06 4:0 a.m.16 views

CVE-2018-19898

ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...

9.1AI score0.01387EPSS
Exploits1References1
CVE
CVE
added 2018/12/06 4:0 a.m.46 views

CVE-2018-19897

CVE-2018-19897 refers to ThinkCMF X2.2.2, where there is a SQL injection in the function _listorders() within AdminbaseController.class.php. The vulnerability is exploitable by users with manager privileges via the listorders[key][1] parameter in a Link listorders action. Multiple connected sourc...

7.2CVSS7.5AI score0.01326EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/06 4:0 a.m.41 views

CVE-2018-19895

CVE-2018-19895 affects ThinkCMF X2.2.2 and is a SQL Injection vulnerability in the function edit_post() within NavController.class.php. The issue can be exploited by users with manager/administrator privileges through the parentid parameter in a navigation action. Publicly documented details conf...

7.2CVSS7.5AI score0.01326EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/06 4:0 a.m.43 views

CVE-2018-19898

ThinkCMF X2.2.2 is affected by an SQL injection in the edit_post action of ArticleController.class.php. The vulnerability is exploitable by normal authenticated users via the post[id][1] parameter when editing an article. Multiple connected documents (NVD, Red Hat, OSV, CVE lists, CNVD, and other...

8.8CVSS9.1AI score0.01387EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/06 4:0 a.m.44 views

CVE-2018-19896

ThinkCMF X2.2.2 is affected by a SQL injection via delete() in SlideController.class.php, exploitable with manager/admin privileges through the ids[] parameter in a slide action. Connected sources confirm the vulnerability details but do not provide a patch/version remediation in the documents. N...

7.2CVSS7.5AI score0.01326EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/12/06 4:0 a.m.41 views

CVE-2018-19894

ThinkCMF X2.2.2 is affected by an SQL Injection via the functions check() and delete() in CommentadminController.class.php. The vulnerability can be exploited by an attacker with manager/administrator privileges through the ids[] parameter in a commentadmin action. This leads to injection in the ...

7.2CVSS7.5AI score0.01326EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/06 4:0 a.m.19 views

CVE-2018-19895

ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...

7.6AI score0.01326EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/06 4:0 a.m.20 views

CVE-2018-19897

ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...

7.6AI score0.01326EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/06 4:0 a.m.21 views

CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

7.6AI score0.01326EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/06 4:0 a.m.21 views

CVE-2018-19896

ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...

7.6AI score0.01326EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/06 12:0 a.m.1 views

ThinkCMF SQL Injection Vulnerability (CNVD-2019-07958)

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. The listorders function in AdminbaseController.class.php in ThinkCMF X2.2.2 has a SQL injection vulnerability that can be exploited by users with administrator privileges via the listorderskey1 parameter in the Link listorders...

7.2CVSS8.2AI score0.01326EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/06 12:0 a.m.2 views

ThinkCMF SQL Injection Vulnerability (CNVD-2019-07960)

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost function in NavController.class.php in ThinkCMF X2.2.2, which can be exploited by users with administrator privileges to perform SQL injection attacks via the parentid...

7.2CVSS8.1AI score0.01326EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/06 12:0 a.m.2 views

ThinkCMF SQL Injection Vulnerability (CNVD-2019-07961)

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. The check and delete functions in CommentadminController.class.php in ThinkCMF X2.2.2 are vulnerable to SQL injection, which can be exploited by users with administrator privileges via the ids parameter in the commentadmin...

7.2CVSS7.6AI score0.01326EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/06 12:0 a.m.2 views

ThinkCMF SQL Injection Vulnerability (CNVD-2019-07959)

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A SQL injection vulnerability exists in the delete function in SlideController.class.php in ThinkCMF X2.2.2, which can be exploited by users with administrator privileges via the ids parameter in the slide operation...

7.2CVSS8.2AI score0.01326EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/06 12:0 a.m.3 views

ThinkCMF SQL Injection Vulnerability

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost method in ArticleController.class.php in ThinkCMF X2.2.2, which can be exploited by a normal authenticated user to perform a SQL injection attack via the postid1 parameter ...

8.8CVSS7.9AI score0.01387EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/03 12:0 a.m.4 views

ThinkCMF Arbitrary File Deletion Vulnerability

ThinkCMF is a CMS Content Management System based on ThinkPHP. An arbitrary file deletion vulnerability exists in the 'doavatar' function in the \application\User\Controller\ProfileController.class.php file in ThinkCMF version X2.2.3. An attacker can delete arbitrary files with the help of the...

6.5CVSS6.7AI score0.00939EPSS
Exploits1References1
Rows per page
Query Builder