Zoujingli
Products (2)
- 4 CVEs
- 1 CVE
Recent CVEs (5)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-10749 | | | 0.00 | — | 0.01 | | Nov 4, 2024 | A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack… |
| CVE-2023-48965 | | | 0.00 | — | 0.01 | | Dec 4, 2023 | An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. |
| CVE-2023-34833 | | | 0.00 | — | 0.01 | | Jun 15, 2023 | An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2019-11018 | | | 0.00 | — | 0.01 | | Apr 8, 2019 | application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. |
| CVE-2018-11369 | | | 0.00 | — | 0.01 | | May 22, 2018 | An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter. |