Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thinkphp thinkphp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45982
thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows malicious users to execute arbitrary code via a crafted payload.
Thinkphp Thinkphp 6.1.0
Thinkphp Thinkphp
NA
CVE-2022-44289
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.
Thinkphp Thinkphp 5.0.24
Thinkphp Thinkphp 5.1.41
668
VMScore
CVE-2020-20120
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
Thinkphp Thinkphp
668
VMScore
CVE-2021-44350
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.
Thinkphp Thinkphp
NA
CVE-2022-47945
ThinkPHP Framework prior to 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by includ...
Thinkphp Thinkphp
1 Github repository
668
VMScore
CVE-2021-23592
The package topthink/framework prior to 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.
Thinkphp Thinkphp
668
VMScore
CVE-2018-16385
ThinkPHP prior to 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
Thinkphp Thinkphp
668
VMScore
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
Thinkphp Thinkphp 5.1.25
668
VMScore
CVE-2018-18546
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
Thinkphp Thinkphp 3.2.4
578
VMScore
CVE-2021-44892
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges.
Thinkphp Thinkphp 3.2.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »