ThinkPHP prior to 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
thinkphp thinkphp