821 matches found
PT-2025-31939 · Thinkphp · Thinkphp
Name of the Vulnerable Software and Affected Versions: thinkphp version 5.1. Description: An issue in thinkphp version 5.1 allows a remote attacker to execute arbitrary code via the routecheck function. This flaw enables remote, unauthenticated users to include files and run code. Recommendations:...
VulnCheck KEV: CVE-2022-47945
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...
EyouCMS Deserialization Vulnerability
EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability. The vulnerability stems from the unsafe deserialization of the parameter channelid of the file /login.php in the receipt of user-submitted serialized data...
EyouCMS Code Issue Vulnerability
EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability. The vulnerability stems from the unsafe deserialization of the parameter channelid of the file /login.php in the receipt of user-submitted serialized data...
EyouCms Security Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCms v1.6.4, which stems from the existence of a PHP file inclusion vulnerability...
EyouCms Cross-Site Scripting Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology. A cross-site scripting vulnerability exists in EyouCms v.1.6.5, which stems from a cross-site scripting vulnerability in the numr parameter that allows...
GreenCMS Cross-Site Scripting Vulnerability
GreenCMS is a content management system (CMS) developed on ThinkPHP. A cross-site scripting vulnerability exists in GreenCMS v2.3, which originated from a vulnerability that allows attackers to execute arbitrary web script or HTML via a specially crafted payload...
Exploit for Path Traversal in Thinkphp
redtail While analyzing my daily access.log report, I noticed...
ThinkAdmin Code Execution Vulnerability
ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin version v6.1.53, which originates from allowing arbitrary file uploads. An attacker can exploit the vulnerability to execute arbitrary code via a specially...
gougucms Security Vulnerabilities
gougucms (gougucms CMS) is a Chinese open source, lightweight general-purpose back-end management framework built on ThinkPHP6, Layui and MySql. A security vulnerability exists in gougucms v4.08.18, which stems from allowing an attacker to arbitrarily reset the...
Exploit for CVE-2013-0422
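K8tools 20190727 Disclaimer: The tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Blog: https://www.cnblogs.com/k8gege Download: https://github.com/k8gege/K8tools PS: Updated irregularly; the files are fairly large, so download as needed. For tool bugs or suggestions, leave a message directly on GitHub. The privilege-escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save your own copy if you like it. General tools + General tools K8飞刀Final.rar + K8data.mdb K8飞刀 vulnerability database 20190402 + K8expList.txt...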
ThinkCMF Cross-Site Scripting Vulnerability
ThinkCMF is a CMS (Content Management System) based on ThinkPHP. A cross-site scripting vulnerability exists in ThinkCMF version 5.1.5, which stems from the lack of effective filtering and escaping of user-supplied data in the file UserController.php, and can be exploited by an attacker to execute...
EyouCms Security Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCms version 1.6.3, which originates from an information leakage vulnerability in the component recruit.filelist.t...
GreenCMS Cross-Site Request Forgery Vulnerability
GreenCMS is a content management system (CMS) developed on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS v.2.3, which originates from a vulnerability that allows an attacker to gain system privileges via the adduser function in index.php...
EyouCms Cross-Site Scripting Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCms version 1.6.2, which stems from a stored cross-site scripting (XSS) vulnerability...
tp5cms Cross-Site Scripting Vulnerability
tp5cms is a CMS framework based on thinkphp5 by individual developer fmsdwifull. A cross-site scripting vulnerability exists in tp5cms, which stems from the presence of XSS in the keywords parameter of admin.php/system/set.html...
EyouCMS Cross-Site Scripting Vulnerability (CNVD-2023-49807)
EyouCms is an open source content management system (CMS) based on ThinkPHP by Hainan Zanzan Network Technology Co. A cross-site scripting vulnerability exists in EyouCMS version 1.6.2, which can be exploited by attackers to inject malicious JavaScript scripts...
EyouCms Cross-Site Scripting Vulnerability (CNVD-2023-36287)
EyouCms is an open source content management system (CMS) based on ThinkPHP. A cross-site scripting vulnerability exists in EyouCms version V1.6.1-UTF8-sp1. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
EyouCms Cross-Site Scripting Vulnerability
EyouCms is an open source content management system (CMS) based on ThinkPHP. A cross-site scripting vulnerability exists in EyouCms version V1.6.1-UTF8-sp1. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
SIYUCMS suffers from an arbitrary file deletion vulnerability (CNVD-2023-50754)
SIYUCMS is a content management system based on the latest version of the ThinkPHP-5.1.X framework, with AdminLTE as the front-end framework for the backend. SIYUCMS suffers from an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete arbitrary files...