27 matches found
EUVD-2021-2378
Malware in sbrugna...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
CMSWing SQL Injection Vulnerability (CNVD-2022-84039)
CMSWing is an e-commerce platform and CMS builder based on ThinkJS and MySQL. A SQL injection vulnerability exists in CMSWing version 1.3.7, which stems from the lack of filtering escapes for SQL data in the behavior rules of the parameters. An attacker could use this vulnerability to execute...
CMSWing SQL Injection Vulnerability
CMSWing is an e-commerce platform and CMS builder based on ThinkJS and MySQL. A SQL injection vulnerability exists in CMSWing version 1.3.7, which stems from the lack of filtering escapes for SQL data in the behavior rules of the parameters. An attacker could use this vulnerability to execute...
SQL Injection in thinkjs
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
@likenttt/waline-with-feishu (>=1.24.1 <=1.24.2), @waline/vercel (>=1.18.6 <=1.28.2) +11 more potentially affected by CVE-2020-21176 via thinkjs (>=0.1.29 <=3.2.14)
thinkjs NPM version =0.1.29, =1.24.1, =1.18.6, =0.0.2, =0.1.0, =2.1.8, =1.0.5, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =0.0.0, =1.0.4 Source cves: CVE-2020-21176 Source advisory: OSV:GHSA-Q5MQ-6FJG-4MW8...
GHSA-Q5MQ-6FJG-4MW8 SQL Injection in thinkjs
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
CVE-2021-32736
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes...
Input validation
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes...
CVE-2021-32736 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in think-helper
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes...
CVE-2021-32736
CVE-2021-32736 concerns prototype pollution in the ThinkJS helper package: think-helper versions prior to 1.1.3 accept input that can modify attributes of the object prototype, leading to potential pollution. The issue is caused by upstream input influencing initialization/update of object attrib...
ThinkJS Code Issue Vulnerability
ThinkJS is a JavaScript-based and ES2015-enabled codebase for developing Node applications organized by ThinkJS. A code issue vulnerability exists in ThinkJS's think-helper, which stems from the component accepting input from upper-level groups for object initialization and modification without...
SQL Injection
thinkjs is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements as demonstrated by a blind SQL injection using sleep...
CMSWing SQL Injection Vulnerability (CNVD-2021-09500)
CMSWing is a ThinkJS-based e-commerce platform and CMS builder. CMSWing 1.3.8 suffers from a SQL injection vulnerability. The vulnerability stems from the updateAction function not checking the detail parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands via...
ThinkJS SQL Injection Vulnerability
ThinkJS is a Node.js framework for future-proof development that integrates a wide range of project best practices to make enterprise-level development easier and more efficient. A SQL injection vulnerability exists in the model.increment and model.decrease functions in ThinkJS 3.2.10. A remote...
CMSWing SQL Injection Vulnerability
CMSWing is a ThinkJS-based e-commerce platform and CMS builder. A SQL injection vulnerability exists in CMSWing 1.3.8. The vulnerability stems from the rechargeAction function not checking the balance parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands via...
CMSWing Code Execution Vulnerability
CMSWing is a ThinkJS-based e-commerce platform and CMS builder. A code execution vulnerability exists in CMSWing 1.3.8. The vulnerability stems from the log function not checking the log parameter. An attacker can exploit this vulnerability to execute arbitrary commands via malicious parameters...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
SQL injection
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...