Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thinkphp thinkphp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45982
thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows malicious users to execute arbitrary code via a crafted payload.
Thinkphp Thinkphp 6.1.0
Thinkphp Thinkphp
NA
CVE-2022-44289
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.
Thinkphp Thinkphp 5.0.24
Thinkphp Thinkphp 5.1.41
668
VMScore
CVE-2020-20120
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
Thinkphp Thinkphp
668
VMScore
CVE-2018-16385
ThinkPHP prior to 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
Thinkphp Thinkphp
668
VMScore
CVE-2021-44350
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.
Thinkphp Thinkphp
668
VMScore
CVE-2021-23592
The package topthink/framework prior to 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.
Thinkphp Thinkphp
NA
CVE-2022-47945
ThinkPHP Framework prior to 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by includ...
Thinkphp Thinkphp
1 Github repository
668
VMScore
CVE-2022-33107
ThinkPHP v6.0.12 exists to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows malicious users to execute arbitrary code via a crafted payload.
Thinkphp Thinkphp 6.0.12
668
VMScore
CVE-2021-36564
ThinkPHP v6.0.8 exists to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.
Thinkphp Thinkphp 6.0.8
578
VMScore
CVE-2021-44892
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges.
Thinkphp Thinkphp 3.2.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »