2 matches found
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
ThinkCMF SQL Injection Vulnerability (CNVD-2019-07958)
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. The listorders function in AdminbaseController.class.php in ThinkCMF X2.2.2 has a SQL injection vulnerability that can be exploited by users with administrator privileges via the listorderskey1 parameter in the Link listorders...