Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thinkphp thinkphp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45982
thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows malicious users to execute arbitrary code via a crafted payload.
Thinkphp Thinkphp 6.1.0
Thinkphp Thinkphp
NA
CVE-2022-44289
Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.
Thinkphp Thinkphp 5.0.24
Thinkphp Thinkphp 5.1.41
668
VMScore
CVE-2020-20120
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
Thinkphp Thinkphp
668
VMScore
CVE-2021-44350
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.
Thinkphp Thinkphp
668
VMScore
CVE-2018-16385
ThinkPHP prior to 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
Thinkphp Thinkphp
NA
CVE-2022-47945
ThinkPHP Framework prior to 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by includ...
Thinkphp Thinkphp
1 Github repository
668
VMScore
CVE-2021-23592
The package topthink/framework prior to 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.
Thinkphp Thinkphp
445
VMScore
CVE-2022-25481
ThinkPHP Framework v5.0.24 exists to be configured without the PATHINFO parameter. This allows malicious users to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the deb...
Thinkphp Thinkphp 5.0.24
1 Github repository
668
VMScore
CVE-2018-18529
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
Thinkphp Thinkphp 3.2.4
668
VMScore
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
Thinkphp Thinkphp 5.1.25
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »