VYPR
Critical severity9.8OSV Advisory· Published Jan 23, 2019· Updated Jun 17, 2026

CVE-2019-6713

CVE-2019-6713

Description

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Thinkcmf/ThinkcmfOSV2 versions
    5.0-Beta, 5.0-RC4, 5.0.170607, …+ 1 more
    • (no CPE)range: 5.0-Beta, 5.0-RC4, 5.0.170607, …
    • (no CPE)range: <=5.0.190111

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.