CVE-2021-40616

2022-06-1410:15:17

Google

osv.dev

0.001 Low

EPSS

Percentile

24.8%

JSON

thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required.

CPENameOperatorVersion
thinkcmfeq5.0-RC4
thinkcmfeq5.1.1
thinkcmfeq5.1.5
thinkcmfeq5.1.0
thinkcmfeq5.0.180123
thinkcmfeq5.1.2
thinkcmfeq5.0.170927-rc
thinkcmfeq5.0-Beta
thinkcmfeq5.1.7
thinkcmfeq5.0RC1

Name	Operator	Version
thinkcmf	eq	5.0-RC4
thinkcmf	eq	5.1.1
thinkcmf	eq	5.1.5
thinkcmf	eq	5.1.0
thinkcmf	eq	5.0.180123
thinkcmf	eq	5.1.2
thinkcmf	eq	5.0.170927-rc
thinkcmf	eq	5.0-Beta
thinkcmf	eq	5.1.7
thinkcmf	eq	5.0RC1

Rows per page:

1-10 of 191

References

github.com/thinkcmf/thinkcmf/issues/722

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for OSV:CVE-2021-40616