114 matches found

CNNVD
added 2025/06/29 12:0 a.m., 1 view

DaiCuo Security Vulnerability

DaiCuo is an adaptive backend management framework based on ThinkPHP, Bootstrap and jQuery by China-based DaiCuo. A security vulnerability exists in DaiCuo 1.3.13 and earlier versions, which stems from cross-site request forgery caused by improper handling of the file /admin.php/addon/ind...

CVSS 5.3 | AI score 4.8 | EPSS 0.00202
Exploits 1 | References 5
RedhatCVE
added 2025/05/23 1:1 a.m., 7 views

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...

CVSS 7.5 | AI score 7 | EPSS 0.09502
Exploits 1 | References 1
CNNVD
added 2024/11/04 12:0 a.m., 1 view

ThinkAdmin Code Issue Vulnerability

ThinkAdmin is an open source, general purpose backend management system based on the ThinkPHP framework. A code issue vulnerability exists in ThinkAdmin 6.1.67 and earlier versions, which stems from improper handling of the parameter uptoken, leading to deserialization...

CVSS 8.1 | AI score 5.4 | EPSS 0.00256
Exploits 0 | References 4
CNNVD
added 2024/10/28 12:0 a.m., 1 view

EyouCms Security Vulnerability

EyouCms is an open source content management system (CMS) based on ThinkPHP by China's Eyou. A security vulnerability exists in EyouCMS v1.6.7, which stems from allowing remote attackers to obtain sensitive information by scripting the post parameters...

CVSS 7.5 | AI score 6.2 | EPSS 0.0053
Exploits 0 | References 1
CNNVD
added 2024/10/25 12:0 a.m., 1 view

wtcms Security Vulnerability

wtcms is a ThinkPHP-based content management system (CMS) by individual developer Taosir. A security vulnerability exists in version 1.0 of wtcms, which stems from incorrect access control in the file CommonControllerHomebaseController.class.php...

CVSS 9.8 | AI score 6.7 | EPSS 0.00154
Exploits 1 | References 1
CNVD
added 2023/12/08 12:0 a.m., 20 views

ThinkAdmin Code Execution Vulnerability

ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin version v6.1.53, which originates from allowing arbitrary file uploads. An attacker can exploit the vulnerability to execute arbitrary code via a specially...

CVSS 8.8 | AI score 7.7 | EPSS 0.00198
Exploits 1 | References 1
CNNVD
added 2023/06/14 12:0 a.m., 0 views

tp5cms Cross-Site Scripting Vulnerability

tp5cms is a CMS framework based on ThinkPHP5 by individual developer fmsdwifull. A cross-site scripting vulnerability exists in tp5cms, which stems from the presence of XSS in the keywords parameter of admin.php/system/set.html...

CVSS 6.1 | AI score 5.8 | EPSS 0.00117
Exploits 1 | References 1
CNNVD
added 2023/04/28 12:0 a.m., 2 views

EyouCms Cross-Site Scripting Vulnerability

EyouCms is an open source content management system (CMS) based on ThinkPHP. A cross-site scripting vulnerability exists in EyouCms version V1.6.1-UTF8-sp1. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

CVSS 6.1 | AI score 6.2 | EPSS 0.00185
Exploits 1 | References 2
CNNVD
added 2023/04/10 12:0 a.m., 3 views

tpAdmin Code Issue Vulnerability

tpAdmin is a management backend based on ThinkPHP5. A code issue vulnerability exists in yuan1994 tpAdmin version 1.3.12, which stems from improper handling of the parameter url, leading to server-side request forgery...

CVSS 6.5 | AI score 6 | EPSS 0.00263
Exploits 1 | References 4
CNNVD
added 2023/03/08 12:0 a.m., 1 view

FunAdmin SQL Injection Vulnerability

FunAdmin is an open source, lightweight, high-profile back-end development system built on ThinkPHP6 and Layui. A security vulnerability exists in FunAdmin v3.2.0, which stems from SQL injection via the /databases/table/list id...

CVSS 9.8 | AI score 8.6 | EPSS 0.00247
Exploits 1 | References 2
Prion
added 2022/12/23 9:15 p.m., 17 views

Design/Logic Flaw

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVSS 7.5 | AI score 9.5 | EPSS 0.89868
Exploits 2 | References 3 | Affected Software 1
Positive Technologies
added 2022/12/23 12:0 a.m., 1 view

PT-2022-28094

Name of the Vulnerable Software and Affected Versions: ThinkPHP Framework versions prior to 6.0.14. Description: The issue allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to...

CVSS 9.8 | AI score 8.5 | EPSS 0.89868
Exploits 2 | References 30
Vulnrichment
added 2022/12/23 12:0 a.m., 5 views

CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

AI score 9.5 | EPSS 0.89868
Exploits 2 | References 3
CVE
added 2022/12/23 12:0 a.m., 347 views

CVE-2022-47945

ThinkPHP Framework versions before 6.0.14 are vulnerable to local file inclusion via the lang parameter when lang_switch_on=true. An unauthenticated, remote attacker can exploit this to run arbitrary OS commands (illustrated by including pearcmd.php). Affected component: ThinkPHP language-pack/LF...

CVSS 9.8 | AI score 9.4 | EPSS 0.89868
In wild | Exploits 2 | References 3 | Affected Software 1
CNNVD
added 2022/08/24 12:0 a.m., 3 views

72crm Code Issue Vulnerability

72crm is an open source system by China's 72crm, based on TP5.0 + ElementUI of the former CRMvueCRM system. A security vulnerability exists in 72crm version 9.0, which stems from an arbitrary file upload vulnerability...

CVSS 9.8 | AI score 5.7 | EPSS 0.00705
Exploits 1 | References 2
CNNVD
added 2022/03/29 12:0 a.m., 1 view

DolphinPHP Cross-Site Scripting Vulnerability

DolphinPHP is a PHP rapid development framework based on ThinkPHP 5.1.34 LTS. A cross-site scripting vulnerability exists in DolphinPHP 1.5.0 and prior versions, which stems from the program's lack of validation and filtering of user-supplied and output data. An attacker could exploit the...

CVSS 5.4 | AI score 5.6 | EPSS 0.00281
Exploits 1 | References 3
ATTACKERKB
added 2022/03/21 12:15 a.m., 1 view

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...

CVSS 7.5 | AI score 5.4 | EPSS 0.09502
Exploits 1 | References 3
Vulnrichment
added 2022/03/20 12:0 a.m., 20 views

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...

AI score 7 | EPSS 0.09502
Exploits 1 | References 1
Positive Technologies
added 2022/03/20 12:0 a.m., 2 views

PT-2022-17318

Name of the Vulnerable Software and Affected Versions: ThinkPHP Framework version 5.0.24 Description: The ThinkPHP Framework was discovered to be configured without the PATHINFO parameter, allowing attackers to access all system environment parameters from index.php. It is noted that this issue i...

CVSS 7.5 | AI score 7.6 | EPSS 0.09502
Exploits 1 | References 9
CNVD
added 2021/12/01 12:0 a.m., 25 views

Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability

Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis. Workerman-ThinkPHP-Redis contains a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...

CVSS 6.1 | AI score 1.1 | EPSS 0.0024
Exploits 1 | References 1