VYPR

Cmfx

by Thinkcmf

Source repositories

CVEs (5)

  • CVE-2018-19898HigDec 6, 2018
    risk 0.57cvss 8.8epss 0.01

    ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.

  • CVE-2018-19897HigDec 6, 2018
    risk 0.47cvss 7.2epss 0.01

    ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.

  • CVE-2018-19896HigDec 6, 2018
    risk 0.47cvss 7.2epss 0.01

    ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.

  • CVE-2018-19895HigDec 6, 2018
    risk 0.47cvss 7.2epss 0.01

    ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.

  • CVE-2018-19894HigDec 6, 2018
    risk 0.47cvss 7.2epss 0.01

    ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.