Thinksaas: >> Thinksaas >> 2.7 Security Vulnerabilities
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."
CVSS Score
5.3
EPSS Score
0.002
Published
2021-07-08
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-03-24