VYPR

ThinkSAAS

by Thinksaas

CVEs (12)

  • CVE-2024-40456CriJul 16, 2024
    risk 0.64cvss 9.8epss 0.01

    ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php.

  • CVE-2020-35337CriMar 24, 2021
    risk 0.64cvss 9.8epss 0.02

    ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.

  • CVE-2024-33101MedApr 30, 2024
    risk 0.40cvss 6.1epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.

  • CVE-2019-16665MedSep 21, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.

  • CVE-2024-33102MedApr 30, 2024
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.

  • CVE-2020-18741MedJul 8, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."

  • CVE-2018-15130MedAug 7, 2018
    risk 0.35cvss 5.4epss 0.01

    ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.

  • CVE-2018-15129MedAug 7, 2018
    risk 0.35cvss 5.4epss 0.01

    ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.

  • CVE-2019-16664MedSep 21, 2019
    risk 0.31cvss 4.8epss 0.01

    An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.

  • CVE-2024-6942LowJul 21, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting.…

  • CVE-2024-6941LowJul 21, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp…

  • CVE-2024-40455LowJul 16, 2024
    risk 0.18cvss 2.7epss 0.00

    An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.