Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thinkphp thinkphp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-19705
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.
Thinkphp-zcms Project Thinkphp-zcms 2019-07-15
9.3
CVSSv2
CVE-2019-9082
ThinkPHP prior to 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Thinkphp Thinkphp
Opensourcebms Open Source Background Management System 1.1.1
Zzzcms Zzzphp 1.6.1
1 EDB exploit
2 Github repositories
4.3
CVSSv2
CVE-2018-16655
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
Gxlcms Gxlcms 1.0
5
CVSSv2
CVE-2022-27442
TPCMS v3.2 allows malicious users to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
Tpcms Project Tpcms 3.2
7.5
CVSSv2
CVE-2020-35339
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.
74cms 74cms 5.0.1
NA
CVE-2024-34467
ThinkPHP 8.0.3 allows remote malicious users to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.
7.5
CVSSv2
CVE-2018-20062
An issue exists in NoneCms V1.3. thinkphp/library/think/App.php allows remote malicious users to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
5none Nonecms 1.3.0
4 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3