Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2019-7580

Published: 07/02/2019 Updated: 08/02/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Thinkcmf

Vulnerability Summary

ThinkCMF 5.0.190111 allows remote malicious users to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

thinkcmf thinkcmf 5.0.190111

Github Repositories

https://github.com/Shenkongyin/CUC-2023

CUC-2023 本项目为CUC-2023 漏洞环境构建及漏洞复现报告。 githubcom/Shenkongyin/CUC-2023 技术与实现 1Python_CVE_2022_28347_Django 该漏洞使用本地IDE自建项目并结合 docker-composeyml 和 Dockerfile构建漏洞集成环境。使用Python编写POC完成漏洞复现。 2PHP_CVE-2019-7580_ThinkCMF 该漏洞使用 docker-composeyml 拉

References

CWE-94https://xz.aliyun.com/t/3997https://github.com/shadowsock5/ThinkCMF-5.0.190111/blob/master/README.mdhttps://nvd.nist.govhttps://github.com/Shenkongyin/CUC-2023
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook