825 matches found
CVE-2018-18546
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...
CVE-2022-27442
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password...
EyouCMS Security Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP by China Eyou Eyou. A security vulnerability exists in EyouCMS 1.7.7 and earlier versions, which stems from a misuse of the function saveRemote in the file application/function.php, which could lead to server-side request...
EyouCMS Code Issue Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP by China Eyou Eyou. A code issue vulnerability exists in EyouCMS 1.7.7 and earlier versions, which stems from incorrect manipulation of the parameter attstr in the file application/api/controller/Ajax.php, which could lead ...
EyouCMS SQL Injection Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP by China Eyou Eyou. A SQL injection vulnerability exists in EyouCMS 1.7.6 and earlier versions, which stems from incorrect handling of the parameter content in the file /application/admin/logic/FilemanagerLogic.php,...
FastAdmin SQL Injection Vulnerability
FastAdmin is a web backend development framework based on ThinkPHP and Bootstrap by individual developer Karson. A SQL injection vulnerability exists in FastAdmin 1.7.0.20250506 and earlier versions, which stems from the application/common/controller/Backend.php file...
Exploit for Deserialization of Untrusted Data in Thinkphp
CVE-2024-44902 - ThinkPHP Insecure Deserialization RCE Vulner...
VulnCheck KEV: CVE-2024-44902
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...
wtcms SQL Injection Vulnerability
wtcms is a ThinkPHP-based content management system (CMS) by individual developer Taosir. An SQL injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter ids in the file application/Comment/Controller/CommentadminController.class.php, which could lead to SQL...
CVE-2025-63888
The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...
CVE-2025-63889
The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value...
CVE-2025-63889
Summary: CVE-2025-63889 affects ThinkPHP 5.0.24, where the fetch function in thinkphp/library/think/Template.php can read arbitrary files via a crafted file path supplied in a template value. Affected component: ThinkPHP 5.0.24, Template.php fetch logic. Impact (as stated): Local/file-read capabi...
PT-2025-47611
Name of the Vulnerable Software and Affected Versions: ThinkPHP version 5.0.24. Description: The read function within the thinkphp\library\think\template\driver\File.php file in ThinkPHP 5.0.24 has a remote code execution issue. The function allows for the execution of arbitrary code. Recommendations: At...