thinkcmf/thinkcmf is vulnerable to remote code execution. A lack of validation and mishandling of the alias
parameter from portal/admin_category/addpost.html
allows a remote attacker to execute arbitrary PHP code and OS commands.
CPE | Name | Operator | Version |
---|---|---|---|
thinkcmf/thinkcmf | le | 6.0.0 |