CVE-2018-17566
In ThinkPHP 5.1.24, the inner function delete is vulnerable to SQL injection when the WHERE condition value can be controlled by a user, enabling attackers to alter queries. The CVE-2018-17566 entry is supported by multiple sources (e.g., GHSA/CNVD/NVD) and notes the vulnerability stems from the ...