821 matches found
ThinkPHP 3.X/5.X order by injection vulnerability
ThinkPHP is a lightweight PHP development framework. A security vulnerability exists in ThinkPHP's handling of ORDER BY sorting: when the sorting parameter is controllable and is passed as an associative array (key-value), the framework does not make security filterin...
tp5cms Cross-Site Request Forgery Vulnerability
tp5cms is a content management system (CMS) framework written in PHP and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site request forgery vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to delete...
tp5cms Cross-site Scripting Vulnerability
tp5cms is a content management system (CMS) framework written in PHP and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site scripting vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to inject...
OneThink Cross-Site Request Forgery Vulnerability (CNVD-2018-14976)
OneThink is a ThinkPHP-based content management framework for web development. A cross-site request forgery vulnerability exists in the admin.php?s=/User/add.html page in OneThink version 1.1. A remote attacker can exploit this vulnerability to add users...
OneThink Cross-Site Request Forgery Vulnerability
OneThink is a ThinkPHP-based content management framework for web development. A cross-site request forgery vulnerability exists in the admin.php?s=/AuthManager/addToGroup.html page in OneThink version 1.1. A remote attacker can exploit this vulnerability to gain administrator privileges...
Arbitrary File Deletion Vulnerability in GreenCMS Backend
GreenCMS is an open source content management system written in PHP by Green Shade Studio, which is based on ThinkPHP, the most popular PHP development framework in China. An arbitrary file deletion vulnerability exists in the GreenCMS backend; attackers can use the vulnerability to delete any file...
Code Execution Vulnerability in efucms Website Builder System
efucms is an easy-to-use content management system based on ThinkPHP. A code execution vulnerability exists in the efucms website builder system, which can be exploited by attackers to execute arbitrary code...
Cross-Site Scripting Vulnerability in efucms Website Builder System
efucms is an easy-to-use content management system based on ThinkPHP. An XSS vulnerability exists in the efucms website builder system, which can be exploited by attackers to steal administrator cookies and log in with forged administrator privileges...
GreenCMS Cross-Site Request Forgery Vulnerability
GreenCMS is a content management system (CMS) based on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can add an administrator account via the index.php?m=admin&c=access&a=adduserhandle URL...
GreenCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-13895)
GreenCMS is a content management system (CMS) based on ThinkPHP. A cross-site request forgery vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit this vulnerability by sending the 'content' parameter to the index.php?m=admin&c=media&a=fileconnect URL to execute arbitrar...
GreenCMS Arbitrary File Download Vulnerability
GreenCMS is a content management system (CMS) based on ThinkPHP. An arbitrary file download vulnerability exists in GreenCMS version 2.3.0603. An attacker can download arbitrary files via the index.php?m=admin&c=media&a=downfile URI...
LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-14218)
LFCMS is a video-on-demand system based on ThinkPHP and MySQL. A cross-site request forgery vulnerability exists in LFCMS version 3.7.0. A remote attacker can exploit this vulnerability to arbitrarily add users...
LFCMS Cross-Site Request Forgery Vulnerability
LFCMS is a PHP film and television content management program developed on the ThinkPHP 3.2.3 framework, suitable for all kinds of video, film and television websites. A cross-site request forgery vulnerability exists in admin.php in LFCMS 3.7.0. Remote attackers can use this vulnerability to hijack...
GreenCMS Information Disclosure Vulnerability
GreenCMS is a content management system (CMS) based on ThinkPHP. A security vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit the vulnerability by sending a direct request to the Data/Log/yearmonthday.log file to obtain sensitive information...
ArticleCMS Cross-Site Scripting Vulnerability
ArticleCMS is a responsive content management system (CMS) built on Bootstrap and ThinkPHP. The system is mainly used for back-end management of users and articles. A cross-site scripting vulnerability exists in ArticleCMS 2017-02-19 and earlier versions. A remote attacker can exploit...
SQL Injection Vulnerability in ThinkCMF
ThinkCMF is a Chinese Content Management Framework (CMF) based on ThinkPHP and MySQL. ThinkCMF has a SQL injection vulnerability; attackers can exploit the vulnerability to obtain sensitive database data...
thinkphp SQL Injection Vulnerability (CNVD-2018-09389)
thinkphp is an open source, PHP-based lightweight web application development framework. A SQL injection vulnerability exists in thinkphp version 3.1.3. A remote attacker can use the 's' parameter to send a specially crafted SQL statement to the index.php file to exploit the vulnerability t...
Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919)
Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919). The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the ThinkPHP development framework. Product Download: http://www.tp-shop.cn/Index/Index/download.html Vulnerabili...
Tpshop 2.0.8 Arbitrary File Download / SSRF Vulnerability
Tpshop versions 2.0.8 and below suffer from arbitrary file download and server-side request forgery vulnerabilities. Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919). The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based...
Tpshop 2.0.8 Arbitrary File Download / SSRF
Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919). The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the ThinkPHP development framework. Product Download: http://www.tp-shop.cn/Index/Index/download.html Vulnerabili...