Cmfx
by Thinkcmf
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19897 | 0.00 | — | 0.00 | Dec 6, 2018 | ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action. | |||
| CVE-2018-19898 | 0.00 | — | 0.00 | Dec 6, 2018 | ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action. | |||
| CVE-2018-19896 | 0.00 | — | 0.00 | Dec 6, 2018 | ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action. | |||
| CVE-2018-19894 | 0.00 | — | 0.00 | Dec 6, 2018 | ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action. | |||
| CVE-2018-19895 | 0.00 | — | 0.00 | Dec 6, 2018 | ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. |
- CVE-2018-19897Dec 6, 2018risk 0.00cvss —epss 0.00
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.
- CVE-2018-19898Dec 6, 2018risk 0.00cvss —epss 0.00
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.
- CVE-2018-19896Dec 6, 2018risk 0.00cvss —epss 0.00
ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.
- CVE-2018-19894Dec 6, 2018risk 0.00cvss —epss 0.00
ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.
- CVE-2018-19895Dec 6, 2018risk 0.00cvss —epss 0.00
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.