154 matches found
PT-2024-28853 · Thinksaas · Thinksaas
Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7 Description: The issue allows attackers to delete arbitrary files via a crafted request. This is an arbitrary file deletion vulnerability. Recommendations: For ThinkSAAS version 3.7, update to a version that contains a f...
CVE-2024-40456
ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...
CVE-2024-40455
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...
CVE-2024-40455
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...
CVE-2024-40455
CVE-2024-40455 concerns ThinkSAAS 3.7, where an arbitrary file deletion vulnerability can be triggered by a crafted request. The available documents identify the affected product/version and the broad impact (arbitrary files deletion) but do not provide detailed root cause, specific affected comp...
CVE-2024-40456
ThinkSAAS v3.7.0 contains an SQL injection vulnerability exploitable via the name parameter in /system/action/update.php. Root cause described in connected sources as insufficient validation of external input in that endpoint. CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no pri...
CVE-2024-33101
A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...
CVE-2024-33102
A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...
ThinkSAAS 安全漏洞
ThinkSAAS is an open source community development system based on PHP and MySQL. A security vulnerability exists in ThinkSAAS version v3.7.0, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecti...
CVE-2024-33102
A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...
CVE-2024-33101
A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...
CVE-2024-33101
A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...
PT-2024-25115 · Thinksaas · Thinksaas
Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0 Description: A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. This...
ThinkSAAS 安全漏洞
ThinkSAAS is an open source community development system based on PHP and MySQL. A security vulnerability exists in ThinkSAAS version v3.7.0, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecti...
CVE-2024-33101
CVE-2024-33101 concerns a stored XSS in ThinkSAAS v3.7.0, specifically in the /action/anti.php component, where a crafted payload injected into the word parameter can cause arbitrary web script/HTML execution. The issue is confirmed across multiple sources (Red Hat, NVD, OSV, CVE lists) with a co...
PT-2024-25114 · Thinksaas · Thinksaas
Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0 Description: A stored cross-site scripting XSS vulnerability in the component /action/anti.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...
CVE-2024-33102
A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...
CVE-2024-33102
CVE-2024-33102 affects ThinkSAAS v3.7.0, specifically the /pubs/counter.php component. The vulnerability is a stored XSS that allows an attacker to execute arbitrary web scripts or HTML by injecting a crafted payload into the code parameter. The CVSS v3.1 base score is 5.4 (Medium) with network a...
CVE-2024-33101
A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...
ThinkSAAS Authorization Issues Vulnerabilities
ThinkSAAS is an open source community development system based on PHP and MySQL. ThinkSAAS version 2.7 suffers from an authorization issue vulnerability, which can be exploited by remote attackers to modify the description of any user's photo via the "photoid\%5B\%5D" and...