VYPR
High severity8.8OSV Advisory· Published Feb 7, 2019· Updated Jun 17, 2026

CVE-2019-7580

CVE-2019-7580

Description

ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.