Home/Product/thinkcmf
Product

thinkcmf

15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-31615
all versions
ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.
9.8CRITICAL
 CVE-2020-25915
all versions
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary co
5.4MEDIUM
 CVE-2022-40849
all versions
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability
5.4MEDIUM
 CVE-2022-40489
all versions
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to
8.8HIGH
 CVE-2021-40616
all versions
thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 thr
6.5MEDIUM
 CVE-2020-20601
all versions
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
9.8CRITICAL
 CVE-2020-18151
all versions
Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.
6.5MEDIUM
 CVE-2019-7580
all versions
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias paramet
8.8HIGH
 CVE-2019-6713
all versions
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vec
9.8CRITICAL
 CVE-2018-19898
all versions
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticat
8.8HIGH
 CVE-2018-19897
all versions
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the mana
7.2HIGH
 CVE-2018-19896
all versions
ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privi
7.2HIGH
 CVE-2018-19895
all versions
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager priv
7.2HIGH
 CVE-2018-19894
all versions
ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable wi
7.2HIGH
 CVE-2018-16141
all versions
ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.
6.5MEDIUM
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh