ThinkPHP SQLi Vulnerability

2022-05-1401:53:42

Google

osv.dev

0.002 Low

EPSS

Percentile

54.5%

JSON

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.

CPENameOperatorVersion
topthink/frameworkeq5.1.14
topthink/frameworkeq5.1.12
topthink/frameworkeq5.0.7
topthink/frameworkeq5.1.24
topthink/frameworkeq5.0.14
topthink/frameworkeq5.0.13
topthink/frameworkeq5.0-rc1
topthink/frameworkeq5.1.5
topthink/frameworkeq5.0.6
topthink/frameworkeq5.1.3

Name	Operator	Version
topthink/framework	eq	5.1.14
topthink/framework	eq	5.1.12
topthink/framework	eq	5.0.7
topthink/framework	eq	5.1.24
topthink/framework	eq	5.0.14
topthink/framework	eq	5.0.13
topthink/framework	eq	5.0-rc1
topthink/framework	eq	5.1.5
topthink/framework	eq	5.0.6
topthink/framework	eq	5.1.3