WebJun 16, 2024 · ThinkCMF X1.6.0,ThinkCMF X2.1.0,ThinkCMF X2.2.0,ThinkCMF X2.2.1,ThinkCMF X2.2.2ThinkCMF X2.2.3 Mitigation / Precaution We recommend you to change the modifiers of the display and fetch functions in the HomebaseController.class.php and AdminbaseController.class.php classes to protected. WebOct 1, 2024 · ThinkCMF is a Chinese content management framework built on the ThinkPHP+MYSQL combination. ThinkCMF promises a flexible application system, the framework itself provides basic management functions, and developers can enhance the platform in the form of applications to meet their own requirements.
thinkcmf/lnp - Docker
WebThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. ranosh
thinkcmf添加和验证_哔哩哔哩_bilibili
WebJan 27, 2024 · ThinkCMF是一款基于PHP+MYSQL开发的中文内容管理系统框架,底层采用ThinkPHP3.2.3构建。ThinkCMF提出灵活的应用机制,框架自身提供基础的管理功能, … WebJun 14, 2024 · thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required. 2. CVE-2024-20601. WebDescription ThinkCMF X2.2.2 has SQL Injection via the function edit_post () in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. Severity CVSS Version 3.x CVSS Version 2.0 CVSS 3.x Severity and Metrics: NIST: NVD Base Score: 7.2 HIGH dr muhammad ijaz nj