RSS   Podatności dla 'Thinkcmf'   RSS

2021-12-22
 
CVE-2020-20601

CWE-74
 

 
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

 
2021-07-14
 
CVE-2020-18151

CWE-352
 

 
Cross Site Request Forgerly (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.

 
2019-02-07
 
CVE-2019-7580

CWE-94
 

 
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.

 
2019-01-23
 
CVE-2019-6713

CWE-94
 

 
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.

 
2018-12-05
 
CVE-2018-19898

CWE-89
 

 
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.

 
 
CVE-2018-19897

CWE-89
 

 
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.

 
 
CVE-2018-19896

CWE-89
 

 
ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.

 
 
CVE-2018-19895

CWE-89
 

 
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.

 
 
CVE-2018-19894

CWE-89
 

 
ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.

 

 >>> Vendor: Thinkcmf 2 Produkty
Thinkcmfx
Thinkcmf


Copyright 2024, cxsecurity.com

 

Back to Top