liu21st/onethink

liu21st/onethink

www.onethink.cn

Releases8

Frequency1 month 1 week

Last Release almost 12 years ago

Stars378

a content manager framework base on thinkphp3.2

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-33443 ↗	Apr 29, 2024Monday, 29 April 2024, 18:15	7.1 HIGH	—
An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component.
CVE-2024-33444 ↗	Apr 29, 2024Monday, 29 April 2024, 17:15	9.8 CRITICAL	—
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.
CVE-2018-16449 ↗	Sep 4, 2018Tuesday, 4 September 2018, 04:29	—	4.3 MEDIUM
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.
CVE-2018-15197 ↗	Aug 8, 2018Wednesday, 8 August 2018, 03:29	—	6.8 MEDIUM
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.
CVE-2018-15198 ↗	Aug 8, 2018Wednesday, 8 August 2018, 03:29	—	6.8 MEDIUM
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.