6 matches found
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...