ThinkCMF SQL Injection Vulnerability
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost method in ArticleController.class.php in ThinkCMF X2.2.2, which can be exploited by a normal authenticated user to perform a SQL injection attack via the postid1 parameter ...