5 matches found
CVE-2024-33102
A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...
CVE-2020-35337
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...
CVE-2018-15130
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create=do groupdesc parameter...
PT-2024-28854 · Thinksaas · Thinksaas
Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the name parameter at the "/system/action/update.php" API endpoint. Recommendations: For ThinkSAAS version...
ThinkSAAS Security Vulnerability
ThinkSAAS is an open source community development system based on PHP and MySQL. A security vulnerability exists in ThinkSAAS version v3.7.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or HTML by injecti...