821 matches found
CVE-2021-36567
ThinkPHP v6.0.8 contains a deserialization vulnerability in the League\Flysystem\Cached\Storage\AbstractCache component. Affected software: ThinkPHP v6.0.8. Root cause: deserialization vulnerability in the specified cache storage AbstractCache. Impact (per NVD): CVSS v3.1 base score 9.8 (CRITICAL...
ThinkPHP Code Issue Vulnerability
Top Thinking Information Technology ThinkPHP is a PHP-based, open source, lightweight Web application development framework from China Top Thinking Information Technology. A security vulnerability exists in ThinkPHP v6.0.8, which stems from a deserialization vulnerability in the component...
ThinkPHP Code Issue Vulnerability
Top Thinking Information Technology ThinkPHP is a PHP-based, open source, lightweight Web application development framework from China Top Thinking Information Technology. A code issue vulnerability exists in ThinkPHP v6.0.8, which stems from the component League\Flysystem\Cached\Storage\AbstractCach...
CVE-2021-43682
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER['HTTP_HOST']...
Cross site scripting
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER['HTTP_HOST']...
CVE-2021-43682
CVE-2021-43682 affects thinkphp-bjyblog and is caused by an XSS issue in AdminBaseController.class.php due to insufficient input filtering. The exit function can print a message containing $_SERVER['HTTP_HOST'], potentially exposing server information or enabling crafted payloads to reflect data....
Thinkphp-Bjyblog Cross-Site Scripting Vulnerability
Thinkphp-Bjyblog is an open source blog based on ThinkPhp developed by Baijunyao, an individual developer in China. A cross-site scripting vulnerability exists in Thinkphp-Bjyblog because the exit function in the product AdminBaseController.class.php file does not effectively filter input data. T...
Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability
Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis. Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...
CVE-2021-43697
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability...
Cross site scripting
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability...
CVE-2021-43697
CVE-2021-43697 affects the combined Workerman-ThinkPHP-Redis project. The vulnerability originates in the file Controller.class.php where the exit() call prints a message to the user and incorporates content from $_GET{C('VAR_JSONP_HANDLER')}, enabling a Cross-Site Scripting (XSS) scenario. The c...
Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability
Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis. Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...
php_code_audit_project
The provided code snippet appears to be a PDF document containing a vulnerability report for ThinkPHP, a PHP framework. The report describes a request function vulnerability that allows for remote code execution. The code snippet is a PDF document with a single page containing a table with severa...
FastAdmin has a file upload vulnerability
FastAdmin is an extremely fast backend development framework based on ThinkPHP and Bootstrap. FastAdmin is vulnerable to file upload. An attacker can use this vulnerability to gain server privileges...
ThinkPHP "noneCms" Remote Code Execution Vulnerability
ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter...
ThinkPHP Remote Code Execution Vulnerability
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
Myucms Remote Code Execution Vulnerability (CNVD-2022-33817)
MyuCms is an intelligent customization system developed by ThinkPhp specifically set up for businesses. MyuCms has a remote code execution vulnerability that can be exploited by attackers to cause code execution...