22 matches found
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19894
ThinkCMF X2.2.2 has SQL Injection via the functions check and delete in CommentadminController.class.php and is exploitable with the manager privilege via the ids parameter in a commentadmin action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
CVE-2020-20601
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet...
CVE-2020-20601
CVE-2020-20601 affects ThinkCMF X2.2.2 and earlier. The issue is a remote code execution vulnerability arising from processing crafted packets, enabling unauthenticated attackers to execute arbitrary PHP code on ThinkCMF servers. The impact is described as full server compromise and access to web...
ThinkCMF code injection vulnerability
ThinkCMF is a content management system (CMS) based on ThinkPHP. ThinkCMF version X2.2.2 has a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted package...
SQL injection
ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...
SQL injection
ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...
CVE-2018-19897
ThinkCMF X2.2.2 has SQL Injection via the function listorders in AdminbaseController.class.php and is exploitable with the manager privilege via the listorderskey1 parameter in a Link listorders action...
CVE-2018-19894
ThinkCMF X2.2.2 is affected by an SQL Injection via the functions check() and delete() in CommentadminController.class.php. The vulnerability can be exploited by an attacker with manager/administrator privileges through the ids[] parameter in a commentadmin action. This leads to injection in the ...
CVE-2018-19896
ThinkCMF X2.2.2 is affected by a SQL injection via delete() in SlideController.class.php, exploitable with manager/admin privileges through the ids[] parameter in a slide action. Connected sources confirm the vulnerability details but do not provide a patch/version remediation in the documents. N...
CVE-2018-19898
ThinkCMF X2.2.2 is affected by an SQL injection in the edit_post action of ArticleController.class.php. The vulnerability is exploitable by normal authenticated users via the post[id][1] parameter when editing an article. Multiple connected documents (NVD, Red Hat, OSV, CVE lists, CNVD, and other...
CVE-2018-19897
CVE-2018-19897 refers to ThinkCMF X2.2.2, where there is a SQL injection in the function _listorders() within AdminbaseController.class.php. The vulnerability is exploitable by users with manager privileges via the listorders[key][1] parameter in a Link listorders action. Multiple connected sourc...