825 matches found
CVE-2018-16385
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...
CVE-2018-16385
ThinkPHP (PHP framework) is vulnerable to SQL injection in all versions before 5.1.23. The flaw allows a remote attacker to inject SQL via the public/index/index/test/index query string, potentially compromising database integrity and confidentiality. Affected product/version: ThinkPHP prior to 5...
ThinkPHP SQL Injection Vulnerability (CNVD-2019-17159)
ThinkPHP is an open source, lightweight PHP-based web application development framework. A SQL injection vulnerability exists in ThinkPHP versions prior to 5.1.23. The vulnerability stems from the program not correctly filtering the key value of an array, which can be exploited by a remote attack...
ThinkPHP 3.X/5.X order by injection vulnerability
ThinkPHP is a lightweight PHP development framework. A security vulnerability exists in ThinkPHP's handling of order by sorting: when the sorting parameters are controllable and passed as an associative array (key-value), the framework does not make security filterin...
tp5cms Cross-site Scripting Vulnerability
tp5cms is a content management system (CMS) framework written in PHP and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site scripting vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to inject...
tp5cms Cross-Site Request Forgery Vulnerability
tp5cms is a content management system (CMS) framework written in PHP and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site request forgery vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to delete...
OneThink Cross-Site Request Forgery Vulnerability
OneThink is a ThinkPHP-based content management framework for web development. A cross-site request forgery vulnerability exists in the admin.php?s=/AuthManager/addToGroup.html page in OneThink version 1.1. A remote attacker can exploit this vulnerability to gain administrator privileges...
OneThink Cross-Site Request Forgery Vulnerability (CNVD-2018-14976)
OneThink is a ThinkPHP-based content management framework for web development. A cross-site request forgery vulnerability exists in the admin.php?s=/User/add.html page in OneThink version 1.1. A remote attacker can exploit this vulnerability to add users...
Arbitrary File Deletion Vulnerability in GreenCMS Backend
GreenCMS is an open source content management system written in PHP by Green Shade Studio, which is based on ThinkPHP, the most popular PHP development framework in China. The GreenCMS backend has an arbitrary file deletion vulnerability; attackers can use the vulnerability to delete any file...
efucms website builder system has cross-site scripting vulnerability
efucms is an easy-to-use content management system based on ThinkPHP. There is an XSS vulnerability in the efucms website builder system, which can be exploited by attackers to steal administrator cookies and log in with forged administrator privileges...
Code Execution Vulnerability in efucms Website Builder System
efucms is an easy-to-use content management system based on ThinkPHP. A code execution vulnerability exists in the efucms website builder system, which can be exploited by attackers to execute arbitrary code...
GreenCMS Cross-Site Request Forgery Vulnerability
GreenCMS is a content management system (CMS) based on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can add an administrator account with the help of the index.php?m=admin&c=access&a=adduserhandle URL...
GreenCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-13895)
GreenCMS is a content management system (CMS) based on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit this vulnerability by sending the 'content' parameter to the index.php?m=admin&c=media&a=fileconnect URL to execute arbitrar...
GreenCMS Arbitrary File Download Vulnerability
GreenCMS is a content management system (CMS) based on ThinkPHP. An arbitrary file download vulnerability exists in GreenCMS version 2.3.0603. An attacker can download arbitrary files with the help of the index.php?m=admin&c=media&a=downfile URI...
LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-14218)
LFCMS is a video-on-demand system based on ThinkPHP and MySQL. A cross-site request forgery vulnerability exists in LFCMS version 3.7.0. A remote attacker can exploit this vulnerability to arbitrarily add users...
LFCMS Cross-Site Request Forgery Vulnerability
LFCMS is a film and television content management program written in PHP and developed on the ThinkPHP 3.2.3 framework, suitable for all kinds of video, film and television websites. A cross-site request forgery vulnerability exists in admin.php in LFCMS 3.7.0. Remote attackers can use this vulnerability to hijack...
GreenCMS Information Disclosure Vulnerability
GreenCMS is a content management system (CMS) based on ThinkPHP. A security vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit the vulnerability by sending a direct request to the Data/Log/yearmonthday.log file to obtain sensitive information...
ArticleCMS Cross-Site Scripting Vulnerability
ArticleCMS is a responsive content management system (CMS) built on Bootstrap and ThinkPHP. The system is mainly used for the management of users and articles in the background. A cross-site scripting vulnerability exists in ArticleCMS 2017-02-19 and earlier versions. A remote attacker can exploit...
SQL Injection Vulnerability in ThinkCMF
ThinkCMF is a Chinese Content Management Framework (CMF) based on ThinkPHP and MySQL. ThinkCMF has a SQL injection vulnerability; attackers can exploit the vulnerability to obtain sensitive database data...