3 matches found
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...
CVE-2018-18530
ThinkPHP 5.1.25 contains a SQL Injection via the count parameter caused by mishandling of the aggregate variable in library/think/db/Query.php. The flaw enables injection with a backquote character in the attack URI. Affected product: ThinkPHP (PHP framework); root cause: aggregate handling in Qu...