thinkphp thinkphp vulnerabilities and exploits
NA
CVE-2022-45982
ThinkPHP 6.0.0~6.0.13 and 6.1.0~6.1.1 contain a deserialization vulnerability. This vulnerability allows malicious users to execute arbitrary code via a crafted payload.
Thinkphp Thinkphp 6.1.0
Thinkphp Thinkphp
NA
CVE-2022-44289
ThinkPHP 5.1.41 and 5.0.24 have a code logic error which causes file upload getshell.
Thinkphp Thinkphp 5.0.24
Thinkphp Thinkphp 5.1.41
NA
CVE-2022-47945
ThinkPHP Framework prior to 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by includ...
Thinkphp Thinkphp
1 GitHub repository
7.5
CVSSv2
CVE-2020-20120
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
Thinkphp Thinkphp
7.5
CVSSv2
CVE-2021-44350
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.
Thinkphp Thinkphp
7.5
CVSSv2
CVE-2021-23592
The package topthink/framework prior to 6.0.12 is vulnerable to Deserialization of Untrusted Data due to an insecure unserialize method in the Driver class.
Thinkphp Thinkphp
7.5
CVSSv2
CVE-2018-16385
ThinkPHP prior to 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
Thinkphp Thinkphp
7.5
CVSSv2
CVE-2018-17566
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.
Thinkphp Thinkphp 5.1.24
6.5
CVSSv2
CVE-2021-44892
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges.
Thinkphp Thinkphp 3.2.3
5
CVSSv2
CVE-2022-25481
ThinkPHP Framework v5.0.24 is configured without the PATHINFO parameter. This allows malicious users to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the deb...
Thinkphp Thinkphp 5.0.24