ThinkPHP 6.0.0~6.0.13 and 6.1.0~6.1.1 contain a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted...
9.8 CVSS
9.5 AI Score
0.002 EPSS
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including...
9.8 CVSS
9.4 AI Score
0.048 EPSS
8.8 CVSS
8.8 AI Score
0.001 EPSS
9.8 CVSS
9.9 AI Score
0.002 EPSS
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key...
9.8 CVSS
9.9 AI Score
0.002 EPSS
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack...
9.8 CVSS
9.9 AI Score
0.002 EPSS
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack...
9.8 CVSS
9.9 AI Score
0.002 EPSS
ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted...
9.8 CVSS
9.7 AI Score
0.002 EPSS
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted...
9.8 CVSS
9.6 AI Score
0.002 EPSS
The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver...
9.8 CVSS
9.4 AI Score
0.003 EPSS
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging...
7.5 CVSS
7.4 AI Score
0.013 EPSS
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control...
8.8 CVSS
8.8 AI Score
0.004 EPSS
SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in...
9.8 CVSS
9.8 AI Score
0.002 EPSS
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component...
9.8 CVSS
9.5 AI Score
0.004 EPSS
ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component...
9.8 CVSS
9.5 AI Score
0.011 EPSS
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains...
6.1 CVSS
5.9 AI Score
0.001 EPSS
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')] then there is an XSS...
6.1 CVSS
5.8 AI Score
0.001 EPSS
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query"...
9.8 CVSS
9.7 AI Score
0.002 EPSS
9.8 CVSS
9.8 AI Score
0.002 EPSS
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the...
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's...
9.8 CVSS
9.8 AI Score
0.002 EPSS
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query...
9.8 CVSS
9.9 AI Score
0.003 EPSS