Vulmon
thinkcmf vulnerabilities and exploits
CVSSv3 7.2
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.
Thinkcmf Thinkcmf X2.2.2

CVSSv3 7.2
CVE-2018-19896
ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.
Thinkcmf Thinkcmf X2.2.2

CVSSv3 8.8
CVE-2018-19898
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.
Thinkcmf Thinkcmf X2.2.2

CVSSv3 6.5
CVE-2018-16141
ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server.
Thinkcmf Thinkcmfx X2.2.3

NA
CVE-2024-31615
ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.