Max CVSS | 6.5 | Min CVSS | 6.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2018-19898 | 6.5 | ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action. | 26-12-2018 - 18:08 | 06-12-2018 - 04:29 |
CVE-2018-19897 | 6.5 | ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action. | 26-12-2018 - 18:08 | 06-12-2018 - 04:29 |
CVE-2018-19896 | 6.5 | ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action. | 26-12-2018 - 18:07 | 06-12-2018 - 04:29 |
CVE-2018-19895 | 6.5 | ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action. | 26-12-2018 - 18:06 | 06-12-2018 - 04:29 |
CVE-2018-19894 | 6.5 | ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action. | 26-12-2018 - 18:05 | 06-12-2018 - 04:29 |