Unrated severityOSV Advisory· Published Jan 23, 2019· Updated Aug 4, 2024
CVE-2019-6713
CVE-2019-6713
Description
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.ttk7.cn/post-108.htmlmitrex_refsource_MISC
- www.thinkcmf.com/download.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.