821 matches found
GHSA-7XFJ-4JPG-58VF ThinkPHP SQLi Vulnerability
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...
GHSA-78Q9-24GV-G288 ThinkPHP SQLi Vulnerability
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...
GHSA-J7G8-3QQG-8CVM ThinkPHP SQLi Vulnerability
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...
ThinkPHP SQLi Vulnerability
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...
ThinkPHP Code Issue Vulnerability
ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Think Information Technology Company. A security vulnerability exists in ThinkPHP framework versions prior to 6.0.12, which stems from unsafe deserialization i...
GreenCMS Security Vulnerability
GreenCMS is a content management system (CMS) developed on ThinkPHP. GreenCMS version 2.3.0603 has an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&pluginname=...
CVE-2022-27442
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password...
Default credentials
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password...
CVE-2022-27442
The CVE-2022-27442 entry concerns TPCMS v3.2, where attackers can access the ThinkPHP log directory and obtain sensitive information such as the administrator’s username and password. The available connected documents confirm the affected software (TPCMS v3.2), the vulnerable component (ThinkPHP ...
TPCMS Log Information Disclosure Vulnerability
TPCMS is an open source content management system from the individual developers at Source of Happiness. A security vulnerability exists in TPCMS version 3.2, which can be exploited by an attacker to access the ThinkPHP log directory and obtain sensitive information such as administrator username...
Dolphin PHP Cross-Site Scripting Vulnerability
DolphinPHP is a PHP rapid development framework based on ThinkPHP 5.1.34 LTS. A cross-site scripting vulnerability exists in DolphinPHP 1.5.0 and prior versions, which stems from the program's lack of validation and filtering of user-supplied and output data. An attacker could exploit the...
DolphinPHP Cross-Site Scripting Vulnerability
DolphinPHP is a PHP rapid development framework based on ThinkPHP 5.1.34 LTS. A cross-site scripting vulnerability exists in DolphinPHP 1.5.0 and prior versions, which stems from the program's lack of validation and filtering of user-supplied and output data. An attacker could exploit the...
EyouCms Security Vulnerability
EyouCms is an open source content management system (CMS) based on ThinkPHP, from China's Zanzan Network Technology. A security vulnerability exists in the /data/sqldata component of EyouCms v1.5.5, which stems from the lack of access control in the component...
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php...
GHSA-69WP-XWM7-69WM Exposure of Resource to Wrong Sphere in ThinkPHP Framework
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php...
CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...