fmsdwifull/tp5cms

fmsdwifull/tp5cms

Releases0

Stars17

一个基于thinkphp5的cms框架，前端采用swiper+bootstrap+自定义layout，外观相当美观。考虑到目前市场成熟的基于php的cms都商业收费，具有一定的使用成本，而且比较难定制开发，故本人收集到该代码时首先考虑到免费开源。系统存在一些问题，需要修改，本人希望本人和同行小伙伴们继续后面的工作，开发出一套基于php的真正免费开源的cms。

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-31280 ↗	Jun 14, 2023Wednesday, 14 June 2023, 14:15	6.1 MEDIUM	—
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.
CVE-2018-19692 ↗	Nov 29, 2018Thursday, 29 November 2018, 18:29	—	7.5 HIGH
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.
CVE-2018-19693 ↗	Nov 29, 2018Thursday, 29 November 2018, 18:29	—	4.3 MEDIUM
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter.
CVE-2018-15566 ↗	Aug 20, 2018Monday, 20 August 2018, 01:29	—	4.3 MEDIUM
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.
CVE-2018-15568 ↗	Aug 20, 2018Monday, 20 August 2018, 01:29	—	6.8 MEDIUM
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.