Releases: 7
Frequency: 3 months 6 days
Last Release
Stars: 361
ThinkCMFX, based on ThinkPHP 3.2.3; it is the same as ThinkCMF.

CVE History

CVE | Published | CVSS v3 | CVSS v2
6.5 MEDIUM

ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.

6.5 MEDIUM

ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.

6.5 MEDIUM

ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.

6.5 MEDIUM

ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.

6.5 MEDIUM

ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.