
825 matches found

NVD
added 2018/10/19 8:29 p.m. | 28 views

CVE-2018-18530

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...

9.8 CVSS | 9.9 AI score | 0.01202 EPSS
Exploits: 1 | References: 1
NVD
added 2018/10/19 8:29 p.m. | 24 views

CVE-2018-18529

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...

9.8 CVSS | 9.9 AI score | 0.01202 EPSS
Exploits: 1 | References: 1
OSV
added 2018/10/19 8:29 p.m. | 15 views

CVE-2018-18529

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...

9.8 CVSS | 8.5 AI score
Exploits: 0 | References: 1
OSV
added 2018/10/19 8:29 p.m. | 15 views

CVE-2018-18530

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...

9.8 CVSS | 8.5 AI score
Exploits: 0 | References: 1
Prion
added 2018/10/19 8:29 p.m. | 21 views

SQL injection

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...

7.5 CVSS | 9.8 AI score | 0.01202 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2018/10/19 8:0 p.m. | 44 views

CVE-2018-18530

ThinkPHP 5.1.25 contains a SQL Injection via the count parameter caused by mishandling of the aggregate variable in library/think/db/Query.php. The flaw enables injection with a backquote character in the attack URI. Affected product: ThinkPHP (PHP framework); root cause: aggregate handling in Qu...

9.8 CVSS | 9.9 AI score | 0.01202 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2018/10/19 8:0 p.m. | 29 views

CVE-2018-18529

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...

10 AI score | 0.01202 EPSS
Exploits: 1 | References: 1
CVE
added 2018/10/19 8:0 p.m. | 50 views

CVE-2018-18529

ThinkPHP 3.2.4 is affected by an SQL injection in the count parameter due to the parseKey function in Library/Think/Db/Driver/Mysql.class.php mishandling the key variable. This is documented across multiple sources (NVD, Red Hat, GHSA, CNVD, osv) and consistently references the same root cause. T...

9.8 CVSS | 9.9 AI score | 0.01202 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2018/10/19 8:0 p.m. | 26 views

CVE-2018-18530

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...

10 AI score | 0.01202 EPSS
Exploits: 1 | References: 1
CNVD
added 2018/10/11 12:0 a.m. | 1 view

SQL Injection Vulnerability in LFCMS v3.8.6

LFCMS is a film and television content management system developed in PHP and based on the ThinkPHP framework, suitable for all kinds of video, film and television websites. A SQL injection vulnerability exists in LFCMS v3.8.6; it stems from the failure to filter pid parameters, attackers ca...

7.9 AI score
Exploits: 0
CNVD
added 2018/09/28 12:0 a.m. | 1 view

ThinkPHP SQL Injection Vulnerability (CNVD-2018-20227)

ThinkPHP is an open source, lightweight PHP-based web application development framework. A SQL injection vulnerability exists in the 'delete' function in ThinkPHP version 5.1.24. A remote attacker can exploit this vulnerability by controlling the value of the query parameter to delete a user...

9.8 CVSS | 9.6 AI score | 0.01537 EPSS
Exploits: 1 | References: 1
NVD
added 2018/09/26 9:29 p.m. | 20 views

CVE-2018-17566

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...

9.8 CVSS | 9.9 AI score | 0.01537 EPSS
Exploits: 1 | References: 1
OSV
added 2018/09/26 9:29 p.m. | 16 views

CVE-2018-17566

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...

9.8 CVSS | 8 AI score
Exploits: 0 | References: 1
Prion
added 2018/09/26 9:29 p.m. | 18 views

SQL injection

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...

7.5 CVSS | 9.8 AI score | 0.01537 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2018/09/26 9:0 p.m. | 24 views

CVE-2018-17566

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...

9.9 AI score | 0.01537 EPSS
Exploits: 1 | References: 1
CVE
added 2018/09/26 9:0 p.m. | 49 views

CVE-2018-17566

In ThinkPHP 5.1.24, the inner function delete is vulnerable to SQL injection when the WHERE condition value can be controlled by a user, enabling attackers to alter queries. The CVE-2018-17566 entry is supported by multiple sources (e.g., GHSA/CNVD/NVD) and notes the vulnerability stems from the ...

9.8 CVSS | 9.8 AI score | 0.01537 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2018/09/07 5:29 a.m. | 14 views

Design/Logic Flaw

Gxlcms 1.0 has XSS via the PATHINFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php...

4.3 CVSS | 5.9 AI score | 0.0073 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2018/09/03 5:56 a.m. | 22 views

SQL Injection

ThinkPHP is vulnerable to SQL injection. A remote attacker is able to inject arbitrary SQL commands through the public/index/index/test/index query string...

9.8 CVSS | 9.8 AI score | 0.02113 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2018/09/03 2:29 a.m. | 19 views

SQL injection

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

7.5 CVSS | 9.8 AI score | 0.02113 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2018/09/03 2:29 a.m. | 23 views

CVE-2018-16385

ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...

9.8 CVSS | 9.9 AI score | 0.02113 EPSS
Exploits: 1 | References: 2