Fanli2012/nbnbk

Fanli2012/nbnbk

Releases0

Stars93

基于thinkphp5的cms管理系统，B2C电商开源php商城系统平台，tp5开源cms，thinkphp企业网站源码，适合博客、中小企业建站二次开发。

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-46492 ↗	Dec 23, 2022Friday, 23 December 2022, 01:15	6.5 MEDIUM	—
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.
CVE-2022-46493 ↗	Dec 22, 2022Thursday, 22 December 2022, 23:15	9.8 CRITICAL	—
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.
CVE-2022-46491 ↗	Dec 22, 2022Thursday, 22 December 2022, 23:15	6.5 MEDIUM	—
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.
CVE-2022-31386 ↗	Jun 9, 2022Thursday, 9 June 2022, 14:15	9.1 CRITICAL	6.4 MEDIUM
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.