149 matches found

RedhatCVE
added 2025/05/23 12:40 a.m. · 8 views

CVE-2022-40849

ThinkCMF version 6.0.7 is affected by stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's...

CVSS 5.4 · AI score 5.7 · EPSS 0.00394
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 11:39 p.m. · 7 views

CVE-2022-40489

ThinkCMF version 6.0.7 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users...

CVSS 8.8 · AI score 8.4 · EPSS 0.00343
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 5:05 p.m. · 7 views

CVE-2020-20601

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...

CVSS 9.8 · AI score 7.8 · EPSS 0.07598
Exploits 1
RedhatCVE
added 2025/05/22 3:55 p.m. · 7 views

CVE-2020-18151

Cross-Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account...

CVSS 6.5 · AI score 7 · EPSS 0.00473
Exploits 1
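CVE-2020-18151 and CVE-2022-40489 above describe the same failure mode: a logged-in administrator's browser can be made to submit the add-administrator form from a page on another origin, because the request carries nothing that a cross-site page cannot forge. The block below is an added example of the standard mitigation in PHP (ThinkCMF's language); it is not ThinkCMF's own code, and the session key, the form field name, the host name and the function names are assumptions.

```php
<?php
// Added example, not ThinkCMF code: synchronizer token plus Origin check for
// state-changing admin requests (e.g. creating an administrator account).
// Session key, form field name, host and function names are assumptions.

const CSRF_SESSION_KEY = '_csrf_token';
const CSRF_FIELD       = '_csrf_token';

// Create the per-session secret on first use and return it for embedding in
// every admin form as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

// Accept the request only if it is a POST, carries a token equal (compared in
// constant time) to the session secret, and any Origin/Referer header names
// our own host. A missing host (e.g. "Origin: null") fails closed.
function csrf_check(array $session, array $request, array $headers, string $ownHost): bool
{
    if (($request['method'] ?? '') !== 'POST') {
        return false;
    }
    $expected = (string) ($session[CSRF_SESSION_KEY] ?? '');
    $given    = (string) ($request['post'][CSRF_FIELD] ?? '');
    if ($expected === '' || $given === '' || !hash_equals($expected, $given)) {
        return false;
    }
    // Modern browsers attach Origin to cross-origin form POSTs, so a forged
    // request from another site arrives with the attacker's origin.
    $source = $headers['Origin'] ?? $headers['Referer'] ?? null;
    if ($source !== null) {
        $host = parse_url($source, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $ownHost) !== 0) {
            return false;
        }
    }
    return true;
}

// Constructed demonstration: one legitimate form post and one forged post
// built by a page on another origin, both against the same logged-in session.
$session = [];
$token   = csrf_token($session);
$own     = 'cms.example.test';

$legit  = ['method' => 'POST', 'post' => ['user_login' => 'ops', 'role' => 'super', CSRF_FIELD => $token]];
$forged = ['method' => 'POST', 'post' => ['user_login' => 'attacker', 'role' => 'super']];

var_dump(csrf_check($session, $legit,  ['Origin' => 'https://cms.example.test'],  $own));
var_dump(csrf_check($session, $forged, ['Origin' => 'https://evil.example.test'], $own));
var_dump(csrf_check($session, $legit,  ['Origin' => 'https://evil.example.test'], $own));
```

The first call is accepted; the second is refused because the forged form has no token; the third is refused on the Origin check even though its token is valid. Pair this with a session cookie marked SameSite=Lax (or Strict) so that the browser itself stops most cross-site POSTs from carrying the admin session at all.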
RedhatCVE
added 2025/05/22 3:23 p.m. · 8 views

CVE-2020-25915

Cross-Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...

CVSS 5.4 · AI score 6.3 · EPSS 0.00418
Exploits 0
RedhatCVE
added 2025/05/22 8:50 a.m. · 8 views

CVE-2019-7580

ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admincategory/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...

CVSS 8.8 · AI score 7.9 · EPSS 0.09935
Exploits 3 · References 1
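CVE-2019-7580 above turns on one character: the alias is written into the generated data/conf/route.php as the body of a PHP string literal, so a single quote in the alias ends that literal and whatever follows is parsed as code the next time the file is included. The block below is an added PHP example, not ThinkCMF's code, of a vulnerable config writer beside a hardened one; it uses token_get_all() to show when the submitted value has become an executable call. The function names, the route-file layout, the target route and the payload are assumptions.

```php
<?php
// Added example, not ThinkCMF code: a generated PHP config file that splices
// a user-supplied route alias into a string literal is code injection as soon
// as the alias contains a single quote. Names, layout and payload are assumed.

// Vulnerable writer: the alias is concatenated straight into a '...' literal.
function build_route_file_vulnerable(string $alias, string $target): string
{
    return "<?php\nreturn [\n    '" . $alias . "' => '" . $target . "',\n];\n";
}

// Hardened writer: an allowlist rejects anything a route alias does not need,
// and var_export() emits a proper PHP literal (escaping ' and \ itself), so
// no value can terminate the string it is embedded in.
function build_route_file_safe(string $alias, string $target): string
{
    if (!preg_match('/\A[A-Za-z0-9_\/-]{1,64}\z/', $alias)) {
        throw new InvalidArgumentException('alias contains disallowed characters');
    }
    return "<?php\nreturn " . var_export([$alias => $target], true) . ";\n";
}

// Tokenize generated source and report whether it contains a function call
// (an identifier followed by "("), i.e. whether part of a value has become
// code instead of data.
function contains_call(string $php): bool
{
    $tokens = token_get_all($php);
    $n = count($tokens);
    for ($i = 0; $i < $n; $i++) {
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_STRING) {
            continue;
        }
        $j = $i + 1;
        while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
            $j++;
        }
        if ($j < $n && $tokens[$j] === '(') {
            return true;
        }
    }
    return false;
}

// Constructed payload: closes the literal and the array, appends a call, then
// comments out the rest of the line the writer was going to emit.
$payload = "x' => 'y',\n];\nsystem('id');\n#";
$target  = 'portal/index/index';

$vulnerable = build_route_file_vulnerable($payload, $target);
$hardened   = build_route_file_safe('news', $target);

echo $vulnerable, "\n";
var_dump(contains_call($vulnerable));   // the injected system() is parsed as a call
var_dump(contains_call($hardened));     // the alias is only ever string data

try {
    build_route_file_safe($payload, $target);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The tokenizer sees system('id') as code in the vulnerable output and finds no call in the hardened one. The allowlist is belt and braces: var_export() alone already prevents the break-out, but refusing quotes, whitespace and NUL bytes in an identifier-like field keeps the generated file readable and removes the class of bug entirely. Where a framework exposes a config writer, generate PHP only from var_export() or json_encode(), never from string concatenation.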
RedhatCVE
added 2025/05/22 6:45 a.m. · 5 views

CVE-2018-19895

ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...

CVSS 7.2 · AI score 8.3 · EPSS 0.01326
Exploits 1 · References 1
Veracode
added 2024/04/26 7:32 a.m. · 17 views

Unrestricted Upload Of File With Dangerous Type

thinkcmf/thinkcmf is vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is due to insufficient validation of file extensions during the upload process in UeditorController.php. This flaw allows an attacker to execute arbitrary code via uploaded malicious files...

CVSS 9.8 · AI score 7.7 · EPSS 0.00712
Exploits 1 · References 1 · Affected Software 1
NVD
added 2024/04/25 8:15 p.m. · 10 views

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php...

CVSS 9.8 · AI score 6.6 · EPSS 0.00712
Exploits 1 · References 1
OSV
added 2024/04/25 8:15 p.m. · 6 views

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 1
Positive Technologies
added 2024/04/25 12:00 a.m. · 6 views

PT-2024-24155 · Thinkcmf · Thinkcmf

Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.9
Description: The issue concerns a file upload vulnerability via UeditorController.php.
Recommendations: For ThinkCMF version 6.0.9, consider disabling the file upload functionality via UeditorController.php until a...

CVSS 9.8 · AI score 7.3 · EPSS 0.00712
Exploits 1 · References 4
Cvelist
added 2024/04/25 12:00 a.m. · 13 views

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php...

AI score 6.8 · EPSS 0.00712
Exploits 1 · References 1
Vulnrichment
added 2024/04/25 12:00 a.m. · 14 views

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php...

AI score 6.9 · EPSS 0.00712
Exploits 1 · References 1
CVE
added 2024/04/25 12:00 a.m. · 54 views

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to an Unrestricted Upload of File with Dangerous Type via UeditorController.php. The issue allows uploading arbitrary files, enabling potential remote code execution; impact is described as high (CVE-2024-31615) with no explicit exploit details provided in the initial...

CVSS 9.8 · AI score 6.8 · EPSS 0.00712
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2024/04/25 12:00 a.m. · 4 views

ThinkCMF Security Vulnerability

ThinkCMF is a CMS (Content Management System) based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.9, which stems from a file upload vulnerability in UeditorController.php...

CVSS 9.8 · AI score 7 · EPSS 0.00712
Exploits 1 · References 2
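The CVE-2024-31615 entries above, and the Veracode entry for the same issue, come down to extension checking in UeditorController.php that a file containing PHP can get past. The block below is an added PHP example, not ThinkCMF's or UEditor's code, of the checks an upload handler should make before anything touches disk: refuse path characters and NUL bytes, allowlist the final extension, sniff the bytes, and store under a server-chosen name. The allowlist, the sample files and the function name are assumptions; the content sniff needs ext/fileinfo.

```php
<?php
// Added example, not ThinkCMF/UEditor code: server-side validation for an
// uploaded file. Allowlist, helper name and sample files are assumptions.

// Extension the client may claim => MIME type the bytes must actually sniff as.
const UPLOAD_ALLOW = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

// Returns the name to store the file under, or null to reject the upload.
function validate_upload(string $clientName, string $content): ?string
{
    // 1. Names carrying NUL or path separators ("x.php\0.png", "../x") are
    //    rejected outright rather than "cleaned".
    foreach (["\0", '/', '\\'] as $bad) {
        if (strpos($clientName, $bad) !== false) {
            return null;
        }
    }
    // 2. Only the final extension counts, compared case-insensitively against
    //    the allowlist: .php, .PhP, .phtml, .phar and .htaccess all fail here.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === '' || !array_key_exists($ext, UPLOAD_ALLOW)) {
        return null;
    }
    // 3. The bytes must sniff as the type the extension promises (ext/fileinfo),
    //    so "<?php ..." saved as shell.jpg is refused.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($content);
    if ($mime !== UPLOAD_ALLOW[$ext]) {
        return null;
    }
    // 4. Never reuse the client's name: random basename plus the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a minimal PNG (signature + 1x1 IHDR chunk) and a PHP shell.
$png = "\x89PNG\r\n\x1a\n"
     . "\x00\x00\x00\x0dIHDR" . pack('NN', 1, 1) . "\x08\x02\x00\x00\x00" . "\x90\x77\x53\xde";
$shell = "<?php system(\$_GET['c']); ?>\n";

var_dump(validate_upload('logo.png', $png) !== null);   // accepted under a random name
var_dump(validate_upload('shell.php', $shell));          // rejected: extension
var_dump(validate_upload('shell.PhP', $shell));          // rejected: extension
var_dump(validate_upload("shell.php\0.png", $png));      // rejected: NUL byte
var_dump(validate_upload('shell.jpg', $shell));          // rejected: content is PHP
```

Two points this does not replace: the upload directory must not be executable by the web server (store outside the document root, or deny script handlers for that path in the server config), and the client-supplied MIME type in $_FILES['type'] is never consulted, because the client chooses it.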
Veracode
added 2023/08/15 4:01 a.m. · 14 views

Stored Cross-Site Scripting (XSS)

thinkcmf/thinkcmf is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability is due to a lack of sanitization of the userlogin parameter in the /admin/user/addpost endpoint, allowing an attacker to inject and execute malicious JavaScript in a victim's browser...

CVSS 5.4 · AI score 6 · EPSS 0.00418
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2023/08/15 12:00 a.m. · 11 views

ThinkCMF Cross-Site Scripting Vulnerability

ThinkCMF is a CMS (Content Management System) based on ThinkPHP. A cross-site scripting vulnerability exists in ThinkCMF version 5.1.5, which stems from the lack of effective filtering and escaping of user-supplied data in the file UserController.php, and can be exploited by an attacker to execute...

CVSS 5.4 · AI score 6.7 · EPSS 0.00418
Exploits 0 · References 1
OSV
added 2023/08/11 3:30 p.m. · 21 views

GHSA-4847-GQXX-V9XP ThinkCMF Cross-site Scripting Vulnerability

Cross-Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...

CVSS 5.4 · AI score 5.3 · EPSS 0.00418
Exploits 0 · References 4
Github Security Blog
added 2023/08/11 3:30 p.m. · 29 views

ThinkCMF Cross-site Scripting Vulnerability

Cross-Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...

CVSS 5.4 · AI score 6.8 · EPSS 0.00418
Exploits 0 · References 4 · Affected Software 1
NVD
added 2023/08/11 2:15 p.m. · 69 views

CVE-2020-25915

Cross-Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...

CVSS 5.4 · AI score 5.4 · EPSS 0.00418
Exploits 0 · References 1
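The CVE-2020-25915 entries above (and the Veracode entry for the same bug) describe a stored XSS: a userlogin value submitted to /admin/user/addpost is later written back into admin pages without escaping. The fix is output encoding chosen per context, not input "filtering". The block below is an added PHP example, not ThinkCMF's code, showing a vulnerable row renderer beside a hardened one for the HTML-body, HTML-attribute/URL and JavaScript contexts; the template layout, the edit URL and the helper names are assumptions.

```php
<?php
// Added example, not ThinkCMF code: rendering a stored user_login value with
// an encoder chosen per output context. Template layout and names are assumed.

// HTML body and attribute contexts: encode the HTML-significant characters,
// including both quote kinds, and replace invalid UTF-8 instead of emitting it.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript context: a JSON literal with <, >, &, ' and " hex-escaped, so a
// value containing "</script>" or "<!--" cannot break out of the script block.
function js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// Vulnerable: the stored value is interpolated verbatim into the admin list.
function render_row_vulnerable(string $userLogin): string
{
    return "<tr><td>$userLogin</td>"
         . "<td><a href=\"/admin/user/edit?user_login=$userLogin\">edit</a></td></tr>";
}

// Hardened: every interpolation goes through the encoder for its context. The
// URL parameter is percent-encoded first, then attribute-encoded like any other
// attribute value.
function render_row_safe(string $userLogin): string
{
    $q = rawurlencode($userLogin);
    return "<tr><td>" . h($userLogin) . "</td>"
         . "<td><a href=\"/admin/user/edit?user_login=" . h($q) . "\">edit</a></td></tr>";
}

// Constructed stored-XSS payload of the kind a crafted userlogin would carry.
$payload = '"><img src=x onerror=alert(document.cookie)>';

echo render_row_vulnerable($payload), "\n";   // attribute closed, <img onerror> injected
echo render_row_safe($payload), "\n";          // rendered as inert text
echo '<script>var login = ', js($payload), ';</script>', "\n";
```

In the vulnerable output the payload's leading quote closes the href attribute and the img tag's onerror handler runs in the administrator's session; in the hardened output the same bytes are displayed literally. Escaping belongs at the point of output because the same stored value may be rendered in several contexts, and a single "sanitize on input" pass cannot be right for all of them.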