ThinkSAAS 安全漏洞

ThinkSAAS is an open source community development system based on PHP and MySQL. A security vulnerability exists in ThinkSAAS version v3.7.0, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecti...

CVE-2018-15130

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...

ThinkSAAS 最新版SQL注入之二

简要描述： ThinkSAAS 最新版2.1，官方2月15日更新，SQL注入第二弹 详细说明： 上传资料处/app/attach/action/upload.php： case "do": $userid = intval$GET'userid'; $albumid = intval$GET'albumid'; if$userid=='0' || $albumid == 0 echo '00000'; exit; $attachid = $new'attach'-create'attach',array 'userid' = $userid,...