Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thinkcmf thinkcmf 5.0.190111 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-7580
ThinkCMF 5.0.190111 allows remote malicious users to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.
Thinkcmf Thinkcmf 5.0.190111
1 Github repository
9.8
CVSSv3
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote malicious users to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.
Thinkcmf Thinkcmf 5.0.190111
59 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started