CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

CVE-2025-13783

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...

CVE-2025-13783

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...

CVE-2025-13783 taosir WTCMS CommentadminController CommentadminController.class.php delete sql injection

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...

CVE-2025-13783

CVE-2025-13783 affects taosir WTCMS (CommentadminController) via SQL injection in the check/uncheck/delete path of application/Comment/Controller/CommentadminController.class.php. A remote attacker could exploit by manipulating the ids argument; exploits have been publicly released. Affected vers...

EUVD-2018-11568

Malware in sbrugna...

EUVD-2020-13390

Malware in sbrugna...

CVE-2020-20605

Blog CMS v1.0 contains a cross-site scripting XSS vulnerability in the /controller/CommentAdminController.java component...

Cross site scripting

Blog CMS v1.0 contains a cross-site scripting XSS vulnerability in the /controller/CommentAdminController.java component...

CVE-2020-20605

Blog CMS v1.0 contains a cross-site scripting XSS vulnerability in the /controller/CommentAdminController.java component...

BlogCMS 跨站脚本漏洞

BlogCMS is a PHP and MySQL based blogging system by the individual developer Pramod Mahato in India. A security vulnerability exists in BlogCMS v1.0, which originates from the /controller/CommentAdminController.java component. The vulnerability can be exploited by an attacker to perform cross-sit...

CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

Sql injection

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

CVE-2018-19894

ThinkCMF X2.2.2 is affected by an SQL Injection via the functions check() and delete() in CommentadminController.class.php. The vulnerability can be exploited by an attacker with manager/administrator privileges through the ids[] parameter in a commentadmin action. This leads to injection in the ...

CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

ThinkCMF SQL Injection Vulnerability (CNVD-2019-07961)

ThinkCMF is a Chinese content management framework based on PHP+MYSQL. The check and delete functions in CommentadminController.class.php in ThinkCMF X2.2.2 are vulnerable to SQL injection, which can be exploited by users with administrator privileges via the ids parameter in the commentadmin...