EyouCms 跨站脚本漏洞

EyouCms is an open source content management system CMS based on ThinkPHP. A cross-site scripting vulnerability exists in EyouCms version V1.6.1-UTF8-sp1. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

SIYUCMS suffers from an arbitrary file deletion vulnerability (CNVD-2023-50754)

SIYUCMS is a content management system based on the latest version of ThinkPHP-5.1.X framework with AdminLTE in the backend front-end framework. SIYUCMS suffers from an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files...

tpAdmin 代码问题漏洞

tpAdmin is a management backend based on ThinkPHP5. A code issue vulnerability exists in yuan1994 tpAdmin version 1.3.12, which stems from an incorrect manipulation of the parameter url leading to server-side request forgery...

Hsycms 跨站脚本漏洞

Hsycms is a content management system CMS based on ThinkPHP. The system has features such as in-site linking, sitemap, full-site pseudo-static and custom URL URLs. A cross-site scripting vulnerability exists in Hsycms version 3.1, which stems from a security issue in the file controllercate.php i...

OneKeyAdmin 跨站脚本漏洞

OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applets, malls, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! A security vulnerability exists in OneKeyAdmin v1.3.9, which stems from a stored cross-site scripting XSS...

OneKeyAdmin 跨站脚本漏洞

OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applets, malls, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! A security vulnerability exists in OneKeyAdmin v1.3.9, which stems from a stored cross-site scripting XSS...

FunAdmin SQL注入漏洞

FunAdmin is FunAdmin open source based on ThinkPHP6+Layui development of a lightweight high-profile back-end development system . FunAdmin v3.2.0 version of the existence of security vulnerabilities , the vulnerability stems from the existence of SQL injection via the /databases/table/list id...

OneKeyAdmin 安全漏洞

OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applets, malls, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! OneKeyAdmin v1.3.9 version of the existence of security vulnerabilities , the vulnerability stems from the...

FunAdmin SQL注入漏洞

FunAdmin is FunAdmin open source based on ThinkPHP6 + Layui development of a lightweight high-profile back-end development system . Funadmin version 3.2.0 there is a security vulnerability , the vulnerability stems from the memberMemberLevel.php selectFields parameter found to contain SQL injecti...

OneKeyAdmin 跨站脚本漏洞

OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applet, mall, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! A security vulnerability exists in OneKeyAdmin version 1.3.9, which stems from the discovery of a stored...

DolphinPHP 操作系统命令注入漏洞

DolphinPHP is an open source Php rapid development framework based on ThinkPhp 5.1.34 Lts. An OS command injection vulnerability exists in DolphinPHP version 1.5.1 and earlier versions, which stems from incorrect manipulation of the parameter id leading to os command injection...

Deserialization of Untrusted Data in thinkphp

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

GHSA-J2H2-G882-X9J2 Deserialization of Untrusted Data in thinkphp

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-45982

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-45982

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

Deserialization of untrusted data

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-45982

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

ThinkPHP 代码问题漏洞

Top Think Information Technology ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Think Information Technology. A security vulnerability exists in ThinkPHP versions 6.0.0 through 6.0.13 and 6.1.0 through 6.1.1, which stems from...

PT-2023-14805

Name of the Vulnerable Software and Affected Versions: thinkphp versions 6.0.0 through 6.0.13 thinkphp versions 6.1.0 through 6.1.1 Description: The issue allows attackers to execute arbitrary code via a crafted payload, exploiting a deserialization vulnerability. This can be achieved by sending ...

EyouCMS 跨站脚本漏洞

Zanzan Network Technology EyouCms EyouCMS is an open source content management system CMS based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCMS v1.6.0. An attacker exploited the vulnerability to execute arbitrary code via the homepage description on the...