GHSA-J7G8-3QQG-8CVM ThinkPHP SQLi Vulnerability

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...

ThinkPHP SQLi Vulnerability

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...

CVE-2018-18546

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...

Sql injection

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...

CVE-2018-18546

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...

CVE-2018-18546

CVE-2018-18546 affects ThinkPHP 3.2.4. The vulnerability is an SQL Injection via the order parameter caused by mishandling of the key in Library/Think/Db/Driver.class.php parseOrder. Public CVSS details indicate high to critical impact (CVSS2 base 7.5; CVSS3 base 9.8). Exploitation details are no...

yershop多用户商城系统 Driver.class.php等多处SQL注入漏洞

0x01漏洞简介 yershop是采用thinkphp框架开发的一套商城系统。其在以下3处存在SQL注入漏洞： 1Driver.class.php 可以通过以下的payload进行注入： index.php?c=Article&a=index&category0==1 or updatexml1,concat1,select concatuser,1,version,1%23in&category1=xxxx 2TuanController.class.php 可以通过以下的payload进行注入： /index.php?c=Tuan&a=category&id0==1 or...

ThinkPHP v3.1-3.2 Driver.class.php SQL注入漏洞

No description provided by source...