CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-6713

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.ttk7.cn/post-108.html
https://www.thinkcmf.com/download.html
http://www.ttk7.cn/post-108.html
https://www.thinkcmf.com/download.html

Products affected by CVE-2019-6713

Thinkcmf » Thinkcmf » Version: 5.0.190111

cpe:2.3:a:thinkcmf:thinkcmf:5.0.190111

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-6713

Products

Pricing

Contact Us