thinkphp 安全漏洞

ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Thinking Information Technology ThinkPHP. A security vulnerability exists in thinkphp version v.5.1, which stems from a routecheck function that allows execution of arbitrary code...

OneBase 代码注入漏洞

OneBase is Bigotry individual developers of an open source free infrastructure based on ThinkPHP5 development. A code injection vulnerability exists in OneBase 1.3.6 and earlier versions, which originates from a cross-site scripting attack due to the incorrect operation of the parameter args in t...

DaiCuo 安全漏洞

DaiCuo DaiCuo is an adaptive backend management framework based on ThinkPHP, Bootstrap and Jquery by China-based DaiCuo. A security vulnerability exists in DaiCuo 1.3.13 and earlier versions, which stems from a cross-site request forgery due to incorrect operation of the file /admin.php/addon/ind...

CVE-2024-34467

ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...

CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

CVE-2024-48112

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...

CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVE-2022-44289

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

CVE-2022-33107

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-38352

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2022-45982

thinkphp 6.0.06.0.13 and 6.1.06.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

CVE-2021-43682

thinkphp-bjyblog last update Jun 4 2021 is affected by a Cross Site Scripting XSS vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $SERVER'HTTPHOST'...

CVE-2021-43697

Workerman-ThinkPHP-Redis last update Mar 16, 2018 is affected by a Cross Site Scripting XSS vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $GETC'VARJSONPHANDLER' then there is a XSS vulnerability...

CVE-2021-36564

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php...

CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

CVE-2020-20120

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...

CVE-2020-35339

In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server...

CVE-2020-19705

thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home=message=add...

CVE-2018-18529

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...