3 matches found
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a fileputcontents call...
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a fileputcontents call...
CVE-2019-6713
The CVE-2019-6713 entry describes a remote PHP code execution in ThinkCMF 5.0.190111 caused by app\admin\controller\RouteController.php. Web attackers can leverage vectors like portal/List/index and list/:id to inject code into data\conf\route.php, demonstrated via file_put_contents. Affected com...