CVE-2018-19894

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
06/12/2018
Last modified:
26/12/2018

Description

ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:thinkcmf:thinkcmf:x2.2.2:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools