RSS   Vulnerabilities for 'Thinkphp'   RSS

2021-12-15
 
CVE-2021-44350

CWE-89
 
 
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.

 
2021-12-06
 
CVE-2021-36564

CWE-502
 
 
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.

 
 
CVE-2021-36567

CWE-502
 
 
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.

 
2021-09-28
 
CVE-2020-20120

CWE-89
 
 
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.

 
2018-10-20
 
CVE-2018-18546

CWE-89
 
 
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.

 
2018-10-19
 
CVE-2018-18530

CWE-89
 
 
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.

 
 
CVE-2018-18529

CWE-89
 
 
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.

 
2018-09-26
 
CVE-2018-17566

CWE-89
 
 
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.

 
2018-04-19
 
CVE-2018-10225

CWE-89
 
 
thinkphp 3.1.3 has SQL Injection via the index.php s parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top