VYPR

ThinkCMF-5.0.190111

by Shadowsock5

CVEs (1)

  • CVE-2019-7580HigFeb 7, 2019
    risk 0.58cvss 8.8epss 0.10

    ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.