CVE-2018-19895
- EPSS 0.28%
- Veröffentlicht 06.12.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:46
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.
CVE-2018-19896
- EPSS 0.28%
- Veröffentlicht 06.12.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:46
ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.
CVE-2018-19897
- EPSS 0.28%
- Veröffentlicht 06.12.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:46
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.
CVE-2018-19898
- EPSS 0.34%
- Veröffentlicht 06.12.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:46
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.