WebCVE-2024-6713 Detail Description app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. Severity CVSS Version 3.x WebNov 10, 2024 · 转载 ThinkCMF_X1.6.0-X2.2.3框架任意内容包含漏洞的简单分析复现(附自动化验证脚本) 1.漏洞概述. 攻击者可利用此漏洞构造恶意的url,向服务器写入任意内容的文件,达到远程代码执行的目的. 2.影响版本. ThinkCMF X1.6.0 ThinkCMF X2.1.0 ThinkCMF X2.2.0 ThinkCMF X2.2.1(我用的是 ...
Thinkcmf : Security vulnerabilities
WebDec 22, 2024 · Listed below are 10 of the newest known vulnerabilities associated with "Thinkcmf" by "Thinkcmf". These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still … WebThinkCMF is an open source content management framework (CMF) that supports Swoole. It is developed based on ThinkPHP. We have been adhering to the concept of ThinkPHP road to simplicity. We insist on making the most simple ThinkPHP open source software, and multi-application development methods allow you to complete your own projects faster. touchstone golf newsletters
Thinkcmf Thinkcmf : CVE security vulnerabilities, versions and …
WebDescription ThinkCMF X2.2.2 has SQL Injection via the function edit_post () in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. Severity CVSS Version 3.x CVSS Version 2.0 CVSS 3.x Severity and Metrics: NIST: NVD Base Score: 7.2 HIGH WebThinkCMF核心应用 更新日志 v6.0.15. 修复幻灯片xxs 漏洞; 增加管理员添加编辑安全性; 增加管理员管理个人邮箱设置; 补全缺失语言包; 增加注册登录和验证码界面第三方验证码支持; v6.0.14. 优化插件设置更新; v6.0.13. 修复导航菜单添加编辑问题; 修复语言包缺失字段 WebThinkCMF是一款基于PHP+MYSQL开发的中文内容管理框架。ThinkCMF提出灵活的应用机制,框架自身提供基础的管理功能,而开发者可以根据自身的需求以应用的形式进行扩展。每个应用都能独立的完成自己的任务,也可通过系统调用其他应用进行协同工作。 potter twp municipal building