VYPR

ThinkPHP

by Top Think

CVEs (2)

  • CVE-2019-9082 | KEV | Feb 24, 2019
    risk 0.23 | cvss | epss 0.97

    ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

  • CVE-2019-9181 | Feb 26, 2019
    risk 0.00 | cvss | epss 0.02

    SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows execution of arbitrary PHP code.