ThinkCMF SQL Injection Vulnerability (CNVD-2019-07958)
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. The listorders function in AdminbaseController.class.php in ThinkCMF X2.2.2 has a SQL injection vulnerability that can be exploited by users with administrator privileges via the listorderskey1 parameter in the Link listorders...