821 matches found

NVD
added 2019/02/24 6:29 p.m. | 30 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

9.3 CVSS | 8.9 AI score | 0.94207 EPSS
Exploits: 8 | References: 4
OSV
added 2019/02/24 6:29 p.m. | 35 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

8.8 CVSS | 7.1 AI score | 0.94207 EPSS
Exploits: 8 | References: 4
Vulnrichment
added 2019/02/24 6:0 p.m. | 9 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

7.3 AI score | 0.94207 EPSS
Exploits: 8 | References: 2
CVE
added 2019/02/24 6:0 p.m. | 1255 views

CVE-2019-9082

ThinkPHP CVE-2019-9082 affects ThinkPHP before 3.2.4 (used in Open Source BMS v1.1.1). The vulnerability allows Remote Command Execution via a crafted request to public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=..., enabling an attacker to run comm...

9.3 CVSS | 8.7 AI score | 0.94207 EPSS
In wild | Exploits: 8 | References: 4 | Affected Software: 1
Cvelist
added 2019/02/24 6:0 p.m. | 30 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command...

8.9 AI score | 0.94207 EPSS
Exploits: 8 | References: 2
ATTACKERKB
added 2019/02/24 12:0 a.m. | 87 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. Recent assessments: Mad-robot at July 05, 2020 1:53pm UTC reported:...

9.3 CVSS | 9 AI score | 0.94207 EPSS
In wild | Exploits: 8 | References: 6
CNVD
added 2019/02/22 12:0 a.m. | 1 views

Thinkphp 'Request.php' file code execution vulnerability

ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by Shanghai Top Thinking Information Technology Co., Ltd. A code execution vulnerability exists in the ThinkPHP 'Request.php' file. An attacker could exploit this...

7.8 AI score
Exploits: 0 | References: 1
VulnCheck KEV
added 2019/02/21 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2018-10225

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

9.8 CVSS | 7.4 AI score | 0.0025 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/02/19 12:0 a.m. | 2 views

WTCMS Cross-Site Scripting Vulnerability

WTCMS is a ThinkPHP-based content management system (CMS). A cross-site scripting vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of the 'statistic code' field...

6.1 CVSS | 6 AI score | 0.0024 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2019/02/19 12:0 a.m. | 83 views

ThinkPHP 5.0.x < 5.0.23 / 5.1.x < 5.1.31 Remote Code Execution

A remote code execution vulnerability exists within multiple subsystems of ThinkPHP 5.0.x and 5.1.x. This potentially allows attackers to exploit multiple attack vectors on a ThinkPHP site, which could result in the site being completely compromised. Note: This has been detected using an active...

9.8 CVSS | 9.8 AI score | 0.9426 EPSS
Exploits: 4 | References: 4
CNVD
added 2019/02/19 12:0 a.m. | 1 views

WTCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-04684)

WTCMS is a ThinkPHP-based content management system (CMS). A cross-site request forgery vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to alter website information...

8.8 CVSS | 6.9 AI score | 0.00145 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2019/02/19 12:0 a.m. | 21 views

ThinkPHP 5.0.x < 5.0.24 Remote Code Execution

A remote code execution vulnerability exists within multiple subsystems of ThinkPHP 5.0.x. This potentially allows attackers to exploit multiple attack vectors on a ThinkPHP site, which could result in the site being completely compromised. Note: This has been detected using an active check and...

8 AI score
Exploits: 0 | References: 2
CNVD
added 2019/02/15 12:0 a.m. | 0 views

SchoolCMS Cross-Site Scripting Vulnerability (CNVD-2019-35030)

SchoolCMS is an open source school teaching management system based on the ThinkPHP framework. The system includes student management, grade management and teacher management. SchoolCMS has a cross-site scripting vulnerability that remote attackers can use to inject arbitrary Web script or...

6.1 CVSS | 6.4 AI score | 0.0024 EPSS
Exploits: 1 | References: 1
CNVD
added 2019/02/15 12:0 a.m. | 0 views

SchoolCMS Cross-Site Scripting Vulnerability

SchoolCMS is an open source school teaching management system based on the ThinkPHP framework. The system includes student management, grade management and teacher management. SchoolCMS has a cross-site scripting vulnerability. Attackers can use this vulnerability to inject arbitrary Web script or...

6.1 CVSS | 6.3 AI score | 0.0024 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2019/02/06 12:0 a.m. | 457 views

ThinkPHP Multiple Parameter RCE

Binary data thinkphprce.nbin...

9.8 CVSS | 7.3 AI score | 0.9426 EPSS
Exploits: 9 | References: 4
ThreatPost
added 2019/02/04 2:0 p.m. | 2129 views

SpeakUp Linux Backdoor Sets Up for Major Attack

LAS VEGAS — A backdoor trojan dubbed “SpeakUp” has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it’s poised for a major...

7.5 CVSS | 9.3 AI score | 0.94439 EPSS
Exploits: 84 | References: 3
Check Point Advisories
added 2019/02/03 12:0 a.m. | 1 views

NoneCMS ThinkPHP Remote Code Execution

A remote code execution vulnerability exists in NoneCMS ThinkPHP framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

4.8 AI score
Exploits: 0
Trend Micro Simply Security
added 2019/02/01 2:0 p.m. | 115 views

This Week in Security News: Hacker Strategies and Spyware Attacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how hackers are improving their breach strategies. Also, learn about new spyware attacks via URLs, websites, and mobile apps. Re...

8 AI score
Exploits: 0
CNVD
added 2019/01/25 12:0 a.m. | 0 views

Code execution vulnerability in WTCMS backend

WTCMS is a content management system (CMS) based on ThinkPHP. A code execution vulnerability exists in the WTCMS backend, which can be exploited by an attacker to gain control of the web server...

7.8 AI score
Exploits: 0
CNVD
added 2019/01/16 12:0 a.m. | 1 views

Command Execution Vulnerability in Yzncms Frontend

Yzncms, aka Otaku CMS, is a content management system (CMS) based on the latest TP5.1 framework. Yzncms has a front-end command execution vulnerability that an attacker can exploit to execute arbitrary commands...

7.7 AI score
Exploits: 0