Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thinkphp thinkphp vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-18529
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
Thinkphp Thinkphp 3.2.4
668
VMScore
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
Thinkphp Thinkphp 5.1.25
668
VMScore
CVE-2018-10225
thinkphp 3.1.3 has SQL Injection via the index.php s parameter.
Thinkphp Thinkphp 3.1.3
1 Github repository
668
VMScore
CVE-2022-33107
ThinkPHP v6.0.12 exists to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows malicious users to execute arbitrary code via a crafted payload.
Thinkphp Thinkphp 6.0.12
NA
CVE-2022-38352
ThinkPHP v6.0.13 exists to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows malicious users to execute arbitrary code via a crafted payload.
Thinkphp Thinkphp 6.0.13
890
VMScore
CVE-2021-36567
ThinkPHP v6.0.8 exists to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache.
Thinkphp Thinkphp 6.0.8
668
VMScore
CVE-2021-36564
ThinkPHP v6.0.8 exists to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php.
Thinkphp Thinkphp 6.0.8
578
VMScore
CVE-2021-44892
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges.
Thinkphp Thinkphp 3.2.3
383
VMScore
CVE-2021-43682
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER['HTTP_HOST'].
Thinkphp-bjyblog Project Thinkphp-bjyblog -
383
VMScore
CVE-2021-43697
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER...
Workerman-thinkphp-redis Project Workerman-thinkphp-redis
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »