Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thinkphp thinkphp vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-19705
thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add.
Thinkphp-zcms Project Thinkphp-zcms 2019-07-15
936
VMScore
CVE-2019-9082
ThinkPHP prior to 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Thinkphp Thinkphp
Opensourcebms Open Source Background Management System 1.1.1
Zzzcms Zzzphp 1.6.1
1 EDB exploit
2 Github repositories
383
VMScore
CVE-2018-16655
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
Gxlcms Gxlcms 1.0
445
VMScore
CVE-2022-27442
TPCMS v3.2 allows malicious users to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
Tpcms Project Tpcms 3.2
668
VMScore
CVE-2020-35339
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.
74cms 74cms 5.0.1
NA
CVE-2024-34467
ThinkPHP 8.0.3 allows remote malicious users to discover the PHPSESSION cookie because think_exception.tpl (aka the debug error output source code) provides this in an error message for a crafted URI in a GET request.
668
VMScore
CVE-2018-20062
An issue exists in NoneCms V1.3. thinkphp/library/think/App.php allows remote malicious users to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
5none Nonecms 1.3.0
4 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3