CVE-2018-19898

Name of the Vulnerable Software and Affected Versions ThinkCMF version X2.2.2

Description The issue concerns a SQL Injection problem via the edit post method in ArticleController.class.php. It can be exploited by normal authenticated users through the post[id][1] parameter in an article edit post action.

Recommendations For ThinkCMF version X2.2.2, as a temporary workaround, consider disabling the edit post method in ArticleController.class.php until a patch is available. Avoid using the post[id][1] parameter in the affected article edit post action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.