Critical severity9.8OSV Advisory· Published Jan 23, 2019· Updated Jun 17, 2026
CVE-2019-6713
CVE-2019-6713
Description
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- www.ttk7.cn/post-108.htmlnvdPermissions RequiredThird Party Advisory
- www.thinkcmf.com/download.htmlnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.