ThinkCMF X2.2.2 - Remote Code Execution

ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets. id: CVE-2020-20601 info: name: ThinkCMF X2.2.2 - Remote Code Execution author: pikpikcu severity: critical...

CVE-2018-19897

ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...

CVE-2018-19898

ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...

CVE-2018-19894

ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...

CVE-2018-19896

ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...

VulnCheck KEV: CVE-2020-20601

An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...

EUVD-2018-11568

Malware in sbrugna...

EUVD-2018-11569

Malware in sbrugna...

EUVD-2018-7996

Malware in sbrugna...

EUVD-2018-11572

Malware in sbrugna...

EUVD-2020-13386

Malware in sbrugna...

EUVD-2019-16271

Malware in sbrugna...

EUVD-2018-11570

Malware in sbrugna...

EUVD-2018-11571

Malware in sbrugna...

EUVD-2022-7684

Malicious code in bioql PyPI...

EUVD-2022-6158

Malicious code in bioql PyPI...

EUVD-2022-3097

Malicious code in bioql PyPI...

EUVD-2023-2203

Malicious code in bioql PyPI...

EUVD-2022-7546

Malicious code in bioql PyPI...

CVE-2024-31615

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php...