149 matches found
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19897
CVE-2018-19897 refers to ThinkCMF X2.2.2, where there is a SQL injection in the function _listorders() within AdminbaseController.class.php. The vulnerability is exploitable by users with manager privileges via the listorders[key][1] parameter in a Link listorders action. Multiple connected sourc...
CVE-2018-19895
CVE-2018-19895 affects ThinkCMF X2.2.2 and is a SQL Injection vulnerability in the function edit_post() within NavController.class.php. The issue can be exploited by users with manager/administrator privileges through the parentid parameter in a navigation action. Publicly documented details conf...
CVE-2018-19898
ThinkCMF X2.2.2 is affected by an SQL injection in the edit_post action of ArticleController.class.php. The vulnerability is exploitable by normal authenticated users via the post[id][1] parameter when editing an article. Multiple connected documents (NVD, Red Hat, OSV, CVE lists, CNVD, and other...
CVE-2018-19896
ThinkCMF X2.2.2 is affected by a SQL injection via delete() in SlideController.class.php, exploitable with manager/admin privileges through the ids[] parameter in a slide action. Connected sources confirm the vulnerability details but do not provide a patch/version remediation in the documents. N...
CVE-2018-19894
ThinkCMF X2.2.2 is affected by an SQL Injection via the functions check() and delete() in CommentadminController.class.php. The vulnerability can be exploited by an attacker with manager/administrator privileges through the ids[] parameter in a commentadmin action. This leads to injection in the ...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
ThinkCMF SQL Injection Vulnerability (CNVD-2019-07958)
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. The listorders function in AdminbaseController.class.php in ThinkCMF X2.2.2 has a SQL injection vulnerability that can be exploited by users with administrator privileges via the listorderskey1 parameter in the Link listorders...
ThinkCMF SQL Injection Vulnerability (CNVD-2019-07960)
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost function in NavController.class.php in ThinkCMF X2.2.2, which can be exploited by users with administrator privileges to perform SQL injection attacks via the parentid...
ThinkCMF SQL Injection Vulnerability (CNVD-2019-07961)
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. The check and delete functions in CommentadminController.class.php in ThinkCMF X2.2.2 are vulnerable to SQL injection, which can be exploited by users with administrator privileges via the ids parameter in the commentadmin...
ThinkCMF SQL Injection Vulnerability (CNVD-2019-07959)
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. A SQL injection vulnerability exists in the delete function in SlideController.class.php in ThinkCMF X2.2.2, which can be exploited by users with administrator privileges via the ids parameter in the slide operation...
ThinkCMF SQL Injection Vulnerability
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost method in ArticleController.class.php in ThinkCMF X2.2.2, which can be exploited by a normal authenticated user to perform a SQL injection attack via the postid1 parameter ...
ThinkCMF Arbitrary File Deletion Vulnerability
ThinkCMF is a CMS Content Management System based on ThinkPHP. An arbitrary file deletion vulnerability exists in the 'doavatar' function in the \application\User\Controller\ProfileController.class.php file in ThinkCMF version X2.2.3. An attacker can delete arbitrary files with the help of the...