Published: 24/02/2019 Updated: 05/04/2022

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 936

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

ThinkPHP prior to 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
thinkphp thinkphp
opensourcebms open source background management system 1.1.1
zzzcms zzzphp 1.6.1

# Exploit Title: Cross-Site Request Forgery(CSRF) of zzzphp cms 161 # Google Dork: intext:"2015-2019 zzcmscom" # Date: 26/02/2019 # Exploit Author: Yang Chenglong # Vendor Homepage: wwwzzzcmscom/indexhtml # Software Link: 115295518/zzzphpzip # Version: 161 # Tested on: windows/Linux,iis/apache # CVE : CVE-2019-9082 ...

zzzphp CMS version 161 suffers from a cross site request forgery vulnerability ...

security_GPT_prompt

awesome-chatgpt-prompts-security(SEC-GPT) 训练ChatGPT成为一名网络安全专家。很多问题不是一个指令就可以得到精准结果的，需要根据每个问题深入去了解，不能浅尝即止，期待大家提交prompts。渗透测试历史漏洞跟踪，包括文章和POC脚本地址提问 Thinkphp有哪些漏洞，列出版本和cve编号，并给出

网络安全chatgpt指令集，训练chatgpt成为一名网络安全专家

awesome-chatgpt-prompts-cybersecurity 训练ChatGPT成为一名网络安全专家。很多问题不是一个指令就可以得到精准结果的，需要根据每个问题深入去了解，不能浅尝即止，期待大家提交prompts。最新指令发布在助安社区论坛，定期同步到此仓库。渗透测试历史漏洞跟踪，包括文章和POC脚本地址提�

CWE-94 CWE-306 https://github.com/xiayulei/open_source_bms/issues/33 https://www.exploit-db.com/exploits/46488/http://packetstormsecurity.com/files/157218/ThinkPHP-5.0.23-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/adminlove520/SEC-GPT https://www.exploit-db.com/exploits/46488

CVE-2019-9082

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect